PHP bz2 Extension compress.bzip2:// URL Wrapper Restriction Bypass

2007-03-13T06:15:58
ID OSVDB:33935
Type osvdb
Reporter OSVDB
Modified 2007-03-13T06:15:58

Description

Vulnerability Description

PHP contains a flaw that may allow a remote attacker to gain elevated privileges. The issue is due to the compress.bzip2:// URL wrapper provided by the bz2 extension not implementing the safe_mode or open_basedir security checks. This may allow an attacker to read arbitrary bzip2 archives.

Solution Description

Upgrade to version 4.4.7, 5.2.2 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

References:

Vendor URL: http://www.php.net/
Secunia Advisory ID: 26235
Other Advisory URL: http://www.php-security.org/MOPB/MOPB-21-2007.html
Other Advisory URL: http://docs.info.apple.com/article.html?artnum=306172
CVE-2007-1461
Bugtraq ID: 22954