PHP 5 'posix_access()'功安全模式绕过目录遍历漏洞

2008-12-10T00:00:00
ID SSV:4540
Type seebug
Reporter Root
Modified 2008-12-10T00:00:00

Description

CVE-2008-2665

PHP is prone to a directory-traversal vulnerability because it fails to adequately sanitize user-supplied data.

Attackers can leverage this issue to bypass security restrictions enforced by 'safe_mode' to access data outside of the root webserver directory. Successful attacks may allow an attacker to access sensitive information that could aid in further attacks.

Slackware Linux 12.1 Slackware Linux 12.0 Slackware Linux -current PHP PHP 5.2.6 Gentoo Linux 暂无


<a href=www.php.net target=_blank>www.php.net</a>