Lucene search

[email protected]NVD:CVE-2009-3557

HistoryNov 23, 2009 - 5:30 p.m.

CVE-2009-3557

2009-11-2317:30:00

CWE-264

[email protected]

web.nvd.nist.gov

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

AI Score

6.2

Confidence

Low

EPSS

0.007

Percentile

80.3%

JSON

The tempnam function in ext/standard/file.c in PHP before 5.2.12 and 5.3.x before 5.3.1 allows context-dependent attackers to bypass safe_mode restrictions, and create files in group-writable or world-writable directories, via the dir and prefix arguments.

Affected configurations

Nvd

Node

phpphpRange≤5.2.11

phpphpMatch1.0

phpphpMatch2.0

phpphpMatch2.0b10

phpphpMatch3.0

phpphpMatch3.0.1

phpphpMatch3.0.2

phpphpMatch3.0.3

phpphpMatch3.0.4

phpphpMatch3.0.5

phpphpMatch3.0.6

phpphpMatch3.0.7

phpphpMatch3.0.8

phpphpMatch3.0.9

phpphpMatch3.0.10

phpphpMatch3.0.11

phpphpMatch3.0.12

phpphpMatch3.0.13

phpphpMatch3.0.14

phpphpMatch3.0.15

phpphpMatch3.0.16

phpphpMatch3.0.17

phpphpMatch3.0.18

phpphpMatch4.0

phpphpMatch4.0beta_4_patch1

phpphpMatch4.0beta1

phpphpMatch4.0beta2

phpphpMatch4.0beta3

phpphpMatch4.0beta4

phpphpMatch4.0.0

phpphpMatch4.0.1

phpphpMatch4.0.2

phpphpMatch4.0.3

phpphpMatch4.0.4

phpphpMatch4.0.5

phpphpMatch4.0.6

phpphpMatch4.0.7

phpphpMatch4.1.0

phpphpMatch4.1.1

phpphpMatch4.1.2

phpphpMatch4.2.0

phpphpMatch4.2.1

phpphpMatch4.2.2

phpphpMatch4.2.3

phpphpMatch4.3.0

phpphpMatch4.3.1

phpphpMatch4.3.2

phpphpMatch4.3.7

phpphpMatch4.3.10

phpphpMatch4.3.11

phpphpMatch4.4.2

phpphpMatch4.4.7

phpphpMatch4.4.8

phpphpMatch4.4.9

phpphpMatch5.0.0

phpphpMatch5.0.0beta4

phpphpMatch5.0.3

phpphpMatch5.1.1

phpphpMatch5.2.1

phpphpMatch5.2.5

phpphpMatch5.2.6

phpphpMatch5.2.10

phpphpMatch5.3.0

References

lists.apple.com/archives/security-announce/2010//Mar/msg00001.html

marc.info/?l=bugtraq&m=127680701405735&w=2

news.php.net/php.announce/79

secunia.com/advisories/37412

secunia.com/advisories/37821

secunia.com/advisories/40262

securityreason.com/securityalert/6601

support.apple.com/kb/HT4077

svn.php.net/viewvc/php/php-src/branches/PHP_5_2/ext/standard/file.c?view=log

svn.php.net/viewvc/php/php-src/branches/PHP_5_3/ext/standard/file.c?view=log

svn.php.net/viewvc?view=revision&revision=288945

www.mandriva.com/security/advisories?name=MDVSA-2009:285

www.mandriva.com/security/advisories?name=MDVSA-2009:302

www.mandriva.com/security/advisories?name=MDVSA-2009:303

www.openwall.com/lists/oss-security/2009/11/20/2

www.openwall.com/lists/oss-security/2009/11/20/3

www.openwall.com/lists/oss-security/2009/11/20/5

www.php.net/ChangeLog-5.php

www.php.net/releases/5_2_12.php

www.php.net/releases/5_3_1.php

www.vupen.com/english/advisories/2009/3593

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7396

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

AI Score

6.2

Confidence

Low

EPSS

0.007

Percentile

80.3%

JSON

Related for NVD:CVE-2009-3557

cvelist1 seebug1 prion1 ubuntucve1 cve1 openvas16 securityvulns4 nessus14 slackware1 freebsd1 ubuntu1 gentoo1 threatpost1