
Bug 297370 (CVE-2009-3558)

Summary: <dev-lang/php-5.2.12: posix_mkfifo() open_basedir bypass (CVE-2009-3558)
Product: Gentoo Security
Reporter: Stefan Behte (RETIRED) <craig>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED
Severity: minor
CC: php-bugs
Priority: High    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: http://svn.php.net/viewvc?view=revision&revision=288943
Whiteboard: B3 [glsa]
Package list:
Runtime testing required: ---
Bug Depends on: 293888    
Bug Blocks:    

Description Stefan Behte (RETIRED) gentoo-dev Security 2009-12-18 00:57:59 UTC
CVE-2009-3558 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3558):
  The posix_mkfifo function in ext/posix/posix.c in PHP 5.2.11 and
  earlier, and 5.3.x before 5.3.1, allows context-dependent attackers
  to bypass open_basedir restrictions, and create FIFO files, via the
  pathname and mode arguments, as demonstrated by creating a .htaccess
  file.

Comment 1 Tobias Heinlein (RETIRED) gentoo-dev 2010-01-05 21:14:24 UTC
GLSA 201001-03.

Thank you everyone, sorry about the delay.