Lucene search

[email protected]NVD:CVE-2009-3558

HistoryNov 23, 2009 - 5:30 p.m.

CVE-2009-3558

2009-11-2317:30:00

CWE-264

[email protected]

web.nvd.nist.gov

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

6.2 Medium

AI Score

Confidence

Low

0.019 Low

EPSS

Percentile

88.7%

JSON

The posix_mkfifo function in ext/posix/posix.c in PHP before 5.2.12 and 5.3.x before 5.3.1 allows context-dependent attackers to bypass open_basedir restrictions, and create FIFO files, via the pathname and mode arguments, as demonstrated by creating a .htaccess file.

Affected configurations

NVD

Node

phpphpRange≤5.2.10

phpphpMatch1.0

phpphpMatch2.0

phpphpMatch2.0b10

phpphpMatch3.0

phpphpMatch3.0.1

phpphpMatch3.0.2

phpphpMatch3.0.3

phpphpMatch3.0.4

phpphpMatch3.0.5

phpphpMatch3.0.6

phpphpMatch3.0.7

phpphpMatch3.0.8

phpphpMatch3.0.9

phpphpMatch3.0.10

phpphpMatch3.0.11

phpphpMatch3.0.12

phpphpMatch3.0.13

phpphpMatch3.0.14

phpphpMatch3.0.15

phpphpMatch3.0.16

phpphpMatch3.0.17

phpphpMatch3.0.18

phpphpMatch4.0

phpphpMatch4.0beta_4_patch1

phpphpMatch4.0beta1

phpphpMatch4.0beta2

phpphpMatch4.0beta3

phpphpMatch4.0beta4

phpphpMatch4.0.0

phpphpMatch4.0.1

phpphpMatch4.0.2

phpphpMatch4.0.3

phpphpMatch4.0.4

phpphpMatch4.0.5

phpphpMatch4.0.6

phpphpMatch4.0.7

phpphpMatch4.1.0

phpphpMatch4.1.1

phpphpMatch4.1.2

phpphpMatch4.2.0

phpphpMatch4.2.1

phpphpMatch4.2.2

phpphpMatch4.2.3

phpphpMatch4.3.0

phpphpMatch4.3.1

phpphpMatch4.3.2

phpphpMatch4.3.7

phpphpMatch4.3.10

phpphpMatch4.3.11

phpphpMatch4.4.2

phpphpMatch4.4.7

phpphpMatch4.4.8

phpphpMatch4.4.9

phpphpMatch5.0.0

phpphpMatch5.0.0beta4

phpphpMatch5.0.3

phpphpMatch5.1.1

phpphpMatch5.2.1

phpphpMatch5.2.5

phpphpMatch5.2.6

phpphpMatch5.3.0

References

lists.apple.com/archives/security-announce/2010//Mar/msg00001.html

news.php.net/php.announce/79

secunia.com/advisories/37412

secunia.com/advisories/37821

securityreason.com/securityalert/6600

support.apple.com/kb/HT4077

svn.php.net/viewvc/php/php-src/branches/PHP_5_2/ext/posix/posix.c?view=log

svn.php.net/viewvc/php/php-src/branches/PHP_5_3/ext/posix/posix.c?view=log

svn.php.net/viewvc?view=revision&revision=288943

www.mandriva.com/security/advisories?name=MDVSA-2009:285

www.mandriva.com/security/advisories?name=MDVSA-2009:302

www.mandriva.com/security/advisories?name=MDVSA-2009:303

www.openwall.com/lists/oss-security/2009/11/20/2

www.openwall.com/lists/oss-security/2009/11/20/3

www.openwall.com/lists/oss-security/2009/11/20/5

www.php.net/ChangeLog-5.php

www.php.net/releases/5_2_12.php

www.php.net/releases/5_3_1.php

www.vupen.com/english/advisories/2009/3593

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

6.2 Medium

AI Score

Confidence

Low

0.019 Low

EPSS

Percentile

88.7%

JSON

Related for NVD:CVE-2009-3558

cve1 seebug1 prion1 cvelist1 ubuntucve1 openvas13 securityvulns4 nessus13 slackware1 freebsd1 ubuntu1 gentoo1 threatpost1