Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-3054

Overview

Vulnerability Score 2.1 2.1
CVE Id CVE-2005-3054
Last Modified 07 Mar 2011 09:25:41
Published 26 Sep 2005 03:03:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2005-3054

Summary

fopen_wrappers.c in PHP 4.4.0, and possibly other versions, does not properly restrict access to other directories when the open_basedir directive includes a trailing slash, which allows PHP scripts in one directory to access files in other directories whose names are substrings of the original directory.

Vulnerable Systems

Application

  • Php 4.4.0


References

CONFIRM - http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=323585

VUPEN - ADV-2005-2254

VUPEN - ADV-2005-1862

UBUNTU - USN-207-1

BID - 14957

CONFIRM - http://www.php.net/release_4_4_1.php

MANDRIVA - MDKSA-2005:213

GENTOO - GLSA-200511-08

SECUNIA - 17557

SECUNIA - 17510

SECUNIA - 17371

SECUNIA - 17229

TRUSTIX - TSLSA-2005-0059


Last Updated: 27 May 2016 10:40:47