Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 7.5
CVE Id CVE-2007-4825
Last Modified 05 Feb 2009 01:30:27
Published 11 Sep 2007 09:17:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2007-4825

Summary

Directory traversal vulnerability in PHP 5.2.4 and earlier allows attackers to bypass open_basedir restrictions and possibly execute arbitrary code via a .. (dot dot) in the dl function.

Vulnerable Systems

Application

  • PHP 5.2.3


References

BUGTRAQ - 20070910 Re: PHP <=5.2.4 open_basedir bypass & code exec & denial of service

BUGTRAQ - 20070910 /* PHP <=5.2.4 open_basedir bypass & code exec & denial of service errata ... working on windows too .. */

BUGTRAQ - 20070910 PHP <=5.2.4 open_basedir bypass & code exec & denial of service

OSVDB - 45902

XF - php-dl-security-bypass(36528)

CONFIRM - http://www.php.net/releases/5_2_5.php

CONFIRM - http://www.php.net/ChangeLog-5.php#5.2.5

GENTOO - GLSA-200710-02

SREASON - 3119

SECUNIA - 28658

SECUNIA - 27102

SUSE - SUSE-SA:2008:004


Last Updated: 27 May 2016 10:45:58