PHP libxml RSHUTDOWN安全限制绕过漏洞(CVE-2012-1171)

BUGTRAQ ID: 65673 CVECAN ID: CVE-2012-1171 PHP是一种HTML内嵌式的语言。 PHP 5.x版本内的libxml RSHUTDOWN函数可使远程攻击者在用自定义流封装器时调用streamclose方法，绕过openbasedir保护机制，读取敏感文件。 0 PHP PHP 5.5.x 厂商补丁： PHP --- 目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载： http://www.php.net/downloads.php...

CVE-2012-1171

The libxml RSHUTDOWN function in PHP 5.x allows remote attackers to bypass the openbasedir protection mechanism and read arbitrary files via vectors involving a streamclose method call during use of a custom stream wrapper...

Design/Logic Flaw

The SQLite functionality in PHP before 5.3.15 allows remote attackers to bypass the openbasedir protection mechanism via unspecified vectors...

php5-sqlite -- open_basedir bypass

MITRE CVE team reports: The SQLite functionality in PHP before 5.3.15 allows remote attackers to bypass the openbasedir protection mechanism via unspecified vectors...

PHP safe_mode and open_basedir protection bypass

It's possible to access directories above basedir with sessionsavepath...

PHP4 cURL functions bypass open_basedir

==================================================== Subject: PHP4 cURL functions bypass openbasedir Author: frame at kernelpanik.org Product: PHP4 compile with cURL not tested in PHP5 Vendor: PHP/Zend Vendor URL: www.php.net Tipe: Local Risk: Low/Medium...