Mandrake Linux Security Advisory : php (MDKSA-2006:035)

A flaw in the PHP gd extension in versions prior to 4.4.1 could allow a remote attacker to bypass safemode and openbasedir restrictions via unknown attack vectors. The updated packages have been patched to correct this issue. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive te...

Ubuntu 4.10 / 5.04 / 5.10 : php4, php5 vulnerabilities (USN-232-1)

Eric Romang discovered a local Denial of Service vulnerability in the handling of the 'session.savepath' parameter in PHP's Apache 2.0 module. By setting this parameter to an invalid value in an .htaccess file, a local user could crash the Apache server. CVE-2005-3319 A Denial of Service flaw was...

Ubuntu 4.10 / 5.04 : php4 vulnerability (USN-207-1)

A bug has been found in the handling of the openbasedir directive handling. Contrary to the specification, the value of openbasedir was handled as a prefix instead of a proper directory name even if it was terminated by a slash '/'. For example, this allowed PHP scripts to access the directory...

Mandrake Linux Security Advisory : curl (MDKSA-2005:224)

Stefan Esser discovered that libcurl's URL parser function can have a malloced buffer overflows in two ways if given a too long URL. It cannot be triggered by a redirect, which makes remote exploitation unlikely, but can be passed directly to libcurl allowing for local exploitation and could also...

Ubuntu 4.10 : php4 vulnerability (USN-66-2)

Ubuntu Security Notice USN-66-1 described a circumvention of the 'openbasedir' restriction by using the cURL module. Adam Conrad discovered that the fix from USN-66-1 still allowed to bypass this restriction with certain variants of path specifications. In addition this update fixes the crash of...

Ubuntu 4.10 : php4 vulnerabilities (USN-66-1)

FraMe from kernelpanik.org reported that the cURL module does not respect openbasedir restrictions. As a result, scripts which used cURL to open files with an user-specified path could read arbitrary local files outside of the openbasedir directory. Stefano Di Paola discovered a vulnerability in...

USN-232-1: PHP vulnerabilities

Eric Romang discovered a local Denial of Service vulnerability in the handling of the 'session.savepath' parameter in PHP's Apache 2.0 module. By setting this parameter to an invalid value in an .htaccess file, a local user could crash the Apache server. CVE-2005-3319 A Denial of Service flaw was...

GLSA-200512-09 : cURL: Off-by-one errors in URL handling

The remote host is affected by the vulnerability described in GLSA-200512-09 cURL: Off-by-one errors in URL handling Stefan Esser from the Hardened-PHP Project has reported a vulnerability in cURL that allows for a local buffer overflow when cURL attempts to parse specially crafted URLs. The URL...

PHP: Multiple vulnerabilities

Background PHP is a general-purpose scripting language widely used to develop web-based applications. It can run inside a web server using the modphp module or the CGI version and also stand-alone in a CLI. Description Multiple vulnerabilities have been found and fixed in PHP: a possible $GLOBALS...

CVE-2005-3391

Multiple vulnerabilities in PHP before 4.4.1 allow remote attackers to bypass safemode and openbasedir restrictions via unknown attack vectors in 1 ext/curl and 2 ext/gd...

CVE-2005-3392

Unspecified vulnerability in PHP before 4.4.1, when using the virtual function on Apache 2, allows remote attackers to bypass safemode and openbasedir directives...

CVE-2005-3392

Technical details for CVE-2005-3392 are not provided in the supplied connected documents; no product/version/impact data is available here. Monitor for official updates from vendors and advisories.

CVE-2005-3391

CVE-2005-3391 affects PHP before 4.4.1, with multiple vulnerabilities in ext/curl and ext/gd that allow remote attackers to bypass safe_mode and open_basedir restrictions via unknown attack vectors. The provided documents do not include concrete patch versions or remediation steps for this CVE; e...

EUVD-2005-3390

Multiple vulnerabilities in PHP before 4.4.1 allow remote attackers to bypass safemode and openbasedir restrictions via unknown attack vectors in 1 ext/curl and 2 ext/gd...

PHP open_basedir protection bypass

Under some rare conditions it's possible to open file from different directory...

USN-207-1: PHP vulnerability

A bug has been found in the handling of the openbasedir directive handling. Contrary to the specification, the value of openbasedir was handled as a prefix instead of a proper directory name even if it was terminated by a slash '/'. For example, this allowed PHP scripts to access the directory...

[SA16971] PHP Trailing Slash "open_basedir" Security Bypass

TITLE: PHP Trailing Slash "openbasedir" Security Bypass SECUNIA ADVISORY ID: SA16971 VERIFY ADVISORY: http://secunia.com/advisories/16971/ CRITICAL: Not critical IMPACT: Security Bypass WHERE: Local system SOFTWARE: PHP 4.4.x http://secunia.com/product/5768/ PHP 5.0.x...

CVE-2005-3054

fopenwrappers.c in PHP 4.4.0, and possibly other versions, does not properly restrict access to other directories when the openbasedir directive includes a trailing slash, which allows PHP scripts in one directory to access files in other directories whose names are substrings of the original...

CVE-2005-3054

fopenwrappers.c in PHP 4.4.0, and possibly other versions, does not properly restrict access to other directories when the openbasedir directive includes a trailing slash, which allows PHP scripts in one directory to access files in other directories whose names are substrings of the original...

USN-66-2: PHP vulnerability

Ubuntu Security Notice USN-66-1 described a circumvention of the "openbasedir" restriction by using the cURL module. Adam Conrad discovered that the fix from USN-66-1 still allowed to bypass this restriction with certain variants of path specifications. In addition this update fixes the crash of...