Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 2.6
CVE Id: CVE-2006-1494
Last Modified: 07 Mar 2011 09:33:12
Published: 10 Apr 2006 03:02:00
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
Access Vector: NETWORK
Access Complexity: HIGH
Authentication: NONE

CVE-2006-1494

Summary

Directory traversal vulnerability in file.c in PHP 4.4.2 and 5.1.2 allows local users to bypass open_basedir restrictions and allows remote attackers to create files in arbitrary directories via the tempnam function.

Vulnerable Systems

Application

  • PHP 4.0
  • PHP 4.0.0
  • PHP 4.0.1
  • PHP 4.0.2
  • PHP 4.0.3
  • PHP 4.0.4
  • PHP 4.0.5
  • PHP 4.0.6
  • PHP 4.0.7
  • PHP 4.1.0
  • PHP 4.1.1
  • PHP 4.1.2
  • PHP 4.2
  • PHP 4.2.0
  • PHP 4.2.1
  • PHP 4.2.2
  • PHP 4.2.3
  • PHP 4.3
  • PHP 4.3.1
  • PHP 4.3.10
  • PHP 4.3.11
  • PHP 4.3.2
  • PHP 4.3.3
  • PHP 4.3.4
  • PHP 4.3.5
  • PHP 4.3.6
  • PHP 4.3.7
  • PHP 4.3.8
  • PHP 4.3.9
  • PHP 4.4.0
  • PHP 4.4.1
  • PHP 4.4.2
  • PHP 5.0
  • PHP 5.0.0
  • PHP 5.0.1
  • PHP 5.0.2
  • PHP 5.0.3
  • PHP 5.0.4
  • PHP 5.0.5
  • PHP 5.1
  • PHP 5.1.0
  • PHP 5.1.1
  • PHP 5.1.2


References

SREASONRES - 20060408 tempnam() open_basedir bypass PHP 4.4.2 and 5.1.2

SECUNIA - 19599

VUPEN - ADV-2006-1290

CONFIRM - https://issues.rpath.com/browse/RPL-683

XF - php-tempnam-directory-traversal(25705)

UBUNTU - USN-320-1

BID - 17439

BUGTRAQ - 20061005 rPSA-2006-0182-1 php php-mysql php-pgsql

REDHAT - RHSA-2006:0568

REDHAT - RHSA-2006:0567

SUSE - SUSE-SA:2006:024

MANDRIVA - MDKSA-2006:074

CONFIRM - http://support.avaya.com/elmodocs2/security/ASA-2006-175.htm

SECTRACK - 1015881

SREASON - 677

SECUNIA - 22225

SECUNIA - 21723

SECUNIA - 21252

SECUNIA - 21202

SECUNIA - 21135

SECUNIA - 21125

SECUNIA - 21031

SECUNIA - 19979

SECUNIA - 19775

REDHAT - RHSA-2006:0549

SGI - 20060701-01-U


Last Updated: 27 May 2016 10:42:05