CVE-2009-4018

2009-11-2300:00:00

ubuntu.com

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.022 Low

EPSS

Percentile

89.2%

JSON

The proc_open function in ext/standard/proc_open.c in PHP before 5.2.11 and
5.3.x before 5.3.1 does not enforce the (1) safe_mode_allowed_env_vars and
(2) safe_mode_protected_env_vars directives, which allows context-dependent
attackers to execute programs with an arbitrary environment via the env
parameter, as demonstrated by a crafted value of the LD_LIBRARY_PATH
environment variable.

Bugs

<http://bugs.php.net/bug.php?id=49026>

Notes

Author	Note
mdeslaur	PoC in php bug report safe_mode bug

OSVersionArchitecturePackageVersionFilename
ubuntu6.06noarchphp5< 5.1.2-1ubuntu3.17UNKNOWN
ubuntu8.04noarchphp5< 5.2.4-2ubuntu5.9UNKNOWN
ubuntu8.10noarchphp5< 5.2.6-2ubuntu4.5UNKNOWN
ubuntu9.04noarchphp5< 5.2.6.dfsg.1-3ubuntu4.4UNKNOWN
ubuntu9.10noarchphp5< 5.2.10.dfsg.1-2ubuntu6.3UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	6.06	noarch	php5	< 5.1.2-1ubuntu3.17	UNKNOWN
ubuntu	8.04	noarch	php5	< 5.2.4-2ubuntu5.9	UNKNOWN
ubuntu	8.10	noarch	php5	< 5.2.6-2ubuntu4.5	UNKNOWN
ubuntu	9.04	noarch	php5	< 5.2.6.dfsg.1-3ubuntu4.4	UNKNOWN
ubuntu	9.10	noarch	php5	< 5.2.10.dfsg.1-2ubuntu6.3	UNKNOWN