Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 109669 - dev-php/{mod_php|php} Possible local safedir restriction bypass
Summary: dev-php/{mod_php|php} Possible local safedir restriction bypass
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: New packages (show other bugs)
Hardware: All Linux
: High normal (vote)
Assignee: PHP Bugs
URL: http://www.securityfocus.com/archive/...
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2005-10-17 22:57 UTC by Sune Kloppenborg Jeppesen
Modified: 2005-11-03 08:44 UTC (History)
0 users

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Sune Kloppenborg Jeppesen gentoo-dev 2005-10-17 22:57:42 UTC
Reported on Bugtraq, though not sure how secure safedir is in the first place: 
 
There is a vulnerability (local safedir restriction bypass) identified within 
the GD extension affecting 
 the following functions: 
 - imagegif() 
 - imagepng() 
 - imagejpeg() 
  
 in /ext/gd/gd.c line 1647 
  
 Which is now fixed in the cvs 
 http://cvs.php.net/co.php/php-src/ext/gd/gd.c?r=1.312.2.1#1786
Comment 1 Thierry Carrez (RETIRED) gentoo-dev 2005-10-18 00:51:00 UTC
Note: PHP devs do not consider basedir bypass using extensions as security
vulnerabilities. See bug 69643 for another example...
Comment 2 Sune Kloppenborg Jeppesen gentoo-dev 2005-10-19 10:39:41 UTC
Safedir is not safe -> reassigning to php-bugs. 
Comment 3 Luca Longinotti (RETIRED) gentoo-dev 2005-11-03 08:44:11 UTC
Fixed in CVS with the latest revisions of all PHP packages.

For new-style PHP:
dev-lang/php-4.3.11-r3
dev-lang/php-4.4.0-r3
dev-lang/php-4.4.1
dev-lang/php-5.0.4-r3
dev-lang/php-5.0.5-r3

For old-style PHP:
dev-php/php-4.3.11-r3
dev-php/php-4.4.0-r3
dev-php/php-cgi-4.3.11-r4
dev-php/php-cgi-4.4.0-r4
dev-php/mod_php-4.3.11-r3 (old-style Apache config layout)
dev-php/mod_php-4.4.0-r6 (old-style Apache config layout)
dev-php/mod_php-4.4.0-r7 (new-style Apache config layout)

Best regards, CHTEKK.