|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
[SA13023] PHP CURL "open_basedir" Security Bypass Vulnerability
From: Secunia Security Advisories (sec-adv
secunia.com)
Date: Fri Oct 29 2004 - 10:36:55 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
TITLE:
PHP CURL "open_basedir" Security Bypass Vulnerability
SECUNIA ADVISORY ID:
SA13023
VERIFY ADVISORY:
http://secunia.com/advisories/13023/
CRITICAL:
Not critical
IMPACT:
Security Bypass
WHERE:
Local system
SOFTWARE:
PHP 4.0.x
http://secunia.com/product/1655/
PHP 4.1.x
http://secunia.com/product/1654/
PHP 4.2.x
http://secunia.com/product/105/
PHP 4.3.x
http://secunia.com/product/922/
DESCRIPTION:
FraMe has discovered a vulnerability in PHP, which can be exploited
by malicious, local users to access files outside the "open_basedir"
root.
The vulnerability is caused due to some CURL functions not obeying
the "open_basedir" directive, which is designed to restrict PHP
scripts in certain environments from accessing files outside the
defined root directories. This can be exploited to access files
outside the "open_basedir" root by using the functions "curl_init()"
and "curl_exec()".
The vulnerability has been confirmed on PHP version 4.3.8 with CURL
7.10.6. Other versions may also be affected.
SOLUTION:
Disable CURL support in PHP.
PROVIDED AND/OR DISCOVERED BY:
FraMe
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
----------------------------------------------------------------------
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]