PHP file_exists() Function open_basedir/safe_mode Bypass

2006-08-17T04:49:07
ID OSVDB:28007
Type osvdb
Reporter OSVDB
Modified 2006-08-17T04:49:07

Description

Vulnerability Description

PHP contains a flaw that may allow an attacker to bypass security restrictions. The issue is due to the file_exists() function not properly sanitizing user-supplied input. By using crafted input, an attacker may be able to bypass the safe_mode and open_basedir security restrictions.

Solution Description

Upgrade to version 4.4.4, 5.1.5 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Short Description

PHP contains a flaw that may allow an attacker to bypass security restrictions. The issue is due to the file_exists() function not properly sanitizing user-supplied input. By using crafted input, an attacker may be able to bypass the safe_mode and open_basedir security restrictions.

References:

Vendor URL: http://www.php.net/ Vendor Specific News/Changelog Entry: http://www.php.net/release_4_4_4.php Vendor Specific News/Changelog Entry: http://www.php.net/release_5_1_5.php Vendor Specific Advisory URL Secunia Advisory ID:22039 Secunia Advisory ID:21546 Secunia Advisory ID:21842 Related OSVDB ID: 27999 Related OSVDB ID: 28006 Related OSVDB ID: 28009 Related OSVDB ID: 28008 Related OSVDB ID: 28002 Related OSVDB ID: 28003 Related OSVDB ID: 28000 Related OSVDB ID: 28001 Related OSVDB ID: 28005 Other Advisory URL: http://lists.suse.com/archive/suse-security-announce/2006-Sep/0006.html CVE-2006-4481