Back to search
CVE-2009-3557
Published: Nov 23, 2009
Modified: Aug 7, 2024
PUBLISHED
Description
The tempnam function in ext/standard/file.c in PHP before 5.2.12 and 5.3.x before 5.3.1 allows context-dependent attackers to bypass safe_mode restrictions, and create files in group-writable or world-writable directories, via the dir and prefix arguments.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
[oss-security] 20091120 Re: CVE request: php 5.3.1 update
mailing-list
x_refsource_MLIST
http://www.php.net/releases/5_2_12.php
x_refsource_CONFIRM
40262
third-party-advisory
x_refsource_SECUNIA
6601
third-party-advisory
x_refsource_SREASON
[php-announce] 20091119 5.3.1 Release announcement
mailing-list
x_refsource_MLIST
HPSBUX02543
vendor-advisory
x_refsource_HP
MDVSA-2009:285
vendor-advisory
x_refsource_MANDRIVA
37821
third-party-advisory
x_refsource_SECUNIA
APPLE-SA-2010-03-29-1
vendor-advisory
x_refsource_APPLE
http://www.php.net/ChangeLog-5.php
x_refsource_CONFIRM
http://support.apple.com/kb/HT4077
x_refsource_CONFIRM
[oss-security] 20091120 CVE request: php 5.3.1 update
mailing-list
x_refsource_MLIST
http://www.php.net/releases/5_3_1.php
x_refsource_CONFIRM
ADV-2009-3593
vdb-entry
x_refsource_VUPEN
[oss-security] 20091120 Re: CVE request: php 5.3.1 update
mailing-list
x_refsource_MLIST
37412
third-party-advisory
x_refsource_SECUNIA
MDVSA-2009:302
vendor-advisory
x_refsource_MANDRIVA
oval:org.mitre.oval:def:7396
vdb-entry
signature
x_refsource_OVAL
SSRT100152
vendor-advisory
x_refsource_HP
http://svn.php.net/viewvc?view=revision&revision=288945
x_refsource_CONFIRM
MDVSA-2009:303
vendor-advisory
x_refsource_MANDRIVA
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now