PHP escapeshellarg() Security Bypass

2004-06-07T08:32:52
ID OSVDB:6737
Type osvdb
Reporter 3apa3a(3APA3A@security.nnov.ru)
Modified 2004-06-07T08:32:52

Description

Vulnerability Description

PHP contains a flaw that may allow a malicious user to bypass security restriction. The issue is due to input validation error in the escapeshellarg() routine. The escapeshellarg() routine fails to filter the characters "%", allowing a remote attacker to access environment variables. The flaw will result in a loss of confidentiality and integrity.

Solution Description

Upgrade to version 4.3.7 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Short Description

PHP contains a flaw that may allow a malicious user to bypass security restriction. The issue is due to input validation error in the escapeshellarg() routine. The escapeshellarg() routine fails to filter the characters "%", allowing a remote attacker to access environment variables. The flaw will result in a loss of confidentiality and integrity.

References:

Vendor URL: http://www.php.net/ Secunia Advisory ID:11792 Related OSVDB ID: 6710 Other Advisory URL: http://www.idefense.com/application/poi/display?id=108&type=vulnerabilities Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2004-06/0123.html ISS X-Force ID: 16331 CVE-2004-0542