Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ubuntucveUbuntu.comUB:CVE-2009-3557
HistoryNov 23, 2009 - 12:00 a.m.

CVE-2009-3557

2009-11-2300:00:00
ubuntu.com
ubuntu.com
9

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.007 Low

EPSS

Percentile

80.1%

JSON

The tempnam function in ext/standard/file.c in PHP before 5.2.12 and 5.3.x
before 5.3.1 allows context-dependent attackers to bypass safe_mode
restrictions, and create files in group-writable or world-writable
directories, via the dir and prefix arguments.

Notes

Author Note
mdeslaur safe_mode is not supported
OSVersionArchitecturePackageVersionFilename
ubuntu6.06noarchphp5< 5.1.2-1ubuntu3.17UNKNOWN
ubuntu8.04noarchphp5< 5.2.4-2ubuntu5.9UNKNOWN
ubuntu8.10noarchphp5< 5.2.6-2ubuntu4.5UNKNOWN
ubuntu9.04noarchphp5< 5.2.6.dfsg.1-3ubuntu4.4UNKNOWN
ubuntu9.10noarchphp5< 5.2.10.dfsg.1-2ubuntu6.3UNKNOWN

Related

seebug 1
prion 1
cve 1
openvas 16
securityvulns 4
nessus 14
slackware 1
freebsd 1
ubuntu 1
gentoo 1
threatpost 1
seebug
seebug
PHP tempname()函数绕过safe_mode安全限制漏洞
2009-11-30 00:00:00
prion
prion
Design/Logic Flaw
2009-11-23 17:30:00
cve
cve
CVE-2009-3557
2009-11-23 17:30:00
openvas
openvas
PHP Multiple Restriction-Bypass Vulnerabilities
2009-10-01 00:00:00
Mandriva Security Advisory MDVSA-2009:303 (php)
2009-12-03 00:00:00
Mandriva Security Advisory MDVSA-2009:303 (php)
2009-12-03 00:00:00
securityvulns
securityvulns
PHP multiple security vulnerabilities
2009-12-04 00:00:00
[ MDVSA-2009:302 ] php
2009-11-24 00:00:00
PHP multiple security vulnerabilities
2010-01-08 00:00:00
nessus
nessus
Mandriva Linux Security Advisory : php (MDVSA-2009:285)
2009-10-22 00:00:00
Mandriva Linux Security Advisory : php (MDVSA-2009:303)
2010-07-30 00:00:00
PHP 5.2.x < 5.2.12 Multiple Vulnerabilities
2009-12-18 00:00:00
slackware
slackware
[slackware-security] php
2010-01-25 05:20:07
freebsd
freebsd
php -- multiple vulnerabilities
2009-12-17 00:00:00
ubuntu
ubuntu
PHP vulnerabilities
2009-11-26 00:00:00
gentoo
gentoo
PHP: Multiple vulnerabilities
2010-01-05 00:00:00
threatpost
threatpost
Apple Mega Patch Covers 88 Mac OS X Vulnerabilities
2010-03-29 17:15:44

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.007 Low

EPSS

Percentile

80.1%

JSON
Related for UB:CVE-2009-3557
seebug1prion1cve1openvas16securityvulns4nessus14slackware1freebsd1ubuntu1gentoo1threatpost1