SECUNIA ADVISORY ID: SA22235
VERIFY ADVISORY: http://secunia.com/advisories/22235/
CRITICAL: Less critical
IMPACT: Security Bypass
WHERE: Local system
SOFTWARE:
PHP 5.1.x - http://secunia.com/product/6796/
PHP 5.0.x - http://secunia.com/product/3919/
PHP 4.4.x - http://secunia.com/product/5768/
PHP 4.3.x - http://secunia.com/product/922/
PHP 4.2.x - http://secunia.com/product/105/
PHP 4.1.x - http://secunia.com/product/1654/
PHP 4.0.x - http://secunia.com/product/1655/
DESCRIPTION: Stefan Esser has reported a vulnerability in PHP, which can be exploited by malicious, local users to bypass certain security restrictions. The vulnerability is caused due to a race condition in the handling of symlinks and can be exploited to bypass the open_basedir protection mechanism. The vulnerability has been reported in PHP4 and PHP5.
SOLUTION: Disable the "symlink()" function in php.ini.
PROVIDED AND/OR DISCOVERED BY: Stefan Esser
ORIGINAL ADVISORY: http://www.hardened-php.net/advisory_082006.132.html
PHP *open_basedir* Symlink Security Bypass VulnerabilityPosted on Thursday, October 05, 2006 @ 13:04:42 CDT in Security Associated Topics
 |
Related
![[Valid RSS]](https://www.ravenphpscripts.com/images/valid-rss.png "Validate my RSS feed"){kind=small}
