Lucene search

K
ubuntucveUbuntu.comUB:CVE-2010-1129
HistoryMar 26, 2010 - 12:00 a.m.

CVE-2010-1129

2010-03-2600:00:00
ubuntu.com
ubuntu.com
9

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.017 Low

EPSS

Percentile

87.3%

The safe_mode implementation in PHP before 5.2.13 does not properly handle
directory pathnames that lack a trailing / (slash) character, which allows
context-dependent attackers to bypass intended access restrictions via
vectors related to use of the tempnam function.

Notes

Author Note
mdeslaur also fixed in 5.3.2 safe_mode issue
OSVersionArchitecturePackageVersionFilename
ubuntu6.06noarchphp5< 5.1.2-1ubuntu3.19UNKNOWN
ubuntu8.04noarchphp5< 5.2.4-2ubuntu5.12UNKNOWN
ubuntu9.04noarchphp5< 5.2.6.dfsg.1-3ubuntu4.6UNKNOWN
ubuntu9.10noarchphp5< 5.2.10.dfsg.1-2ubuntu6.5UNKNOWN

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.017 Low

EPSS

Percentile

87.3%

Related for UB:CVE-2010-1129