Back to search
CVE-2009-3558
Published: Nov 23, 2009
Modified: Aug 7, 2024
PUBLISHED
Description
The posix_mkfifo function in ext/posix/posix.c in PHP before 5.2.12 and 5.3.x before 5.3.1 allows context-dependent attackers to bypass open_basedir restrictions, and create FIFO files, via the pathname and mode arguments, as demonstrated by creating a .htaccess file.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
[oss-security] 20091120 Re: CVE request: php 5.3.1 update
mailing-list
x_refsource_MLIST
6600
third-party-advisory
x_refsource_SREASON
http://www.php.net/releases/5_2_12.php
x_refsource_CONFIRM
[php-announce] 20091119 5.3.1 Release announcement
mailing-list
x_refsource_MLIST
http://svn.php.net/viewvc?view=revision&revision=288943
x_refsource_CONFIRM
MDVSA-2009:285
vendor-advisory
x_refsource_MANDRIVA
37821
third-party-advisory
x_refsource_SECUNIA
APPLE-SA-2010-03-29-1
vendor-advisory
x_refsource_APPLE
http://www.php.net/ChangeLog-5.php
x_refsource_CONFIRM
http://support.apple.com/kb/HT4077
x_refsource_CONFIRM
[oss-security] 20091120 CVE request: php 5.3.1 update
mailing-list
x_refsource_MLIST
http://www.php.net/releases/5_3_1.php
x_refsource_CONFIRM
ADV-2009-3593
vdb-entry
x_refsource_VUPEN
[oss-security] 20091120 Re: CVE request: php 5.3.1 update
mailing-list
x_refsource_MLIST
37412
third-party-advisory
x_refsource_SECUNIA
MDVSA-2009:302
vendor-advisory
x_refsource_MANDRIVA
MDVSA-2009:303
vendor-advisory
x_refsource_MANDRIVA
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now