Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bugzilla DB migration completed. Please report issues to Infra team via email via infra@gentoo.org or IRC
Bug 297370 (CVE-2009-3558) - <dev-lang/php-5.2.12: posix_mkfifo() open_basedir bypass (CVE-2009-3558)
Summary: <dev-lang/php-5.2.12: posix_mkfifo() open_basedir bypass (CVE-2009-3558)
Status: RESOLVED FIXED
Alias: CVE-2009-3558
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: High minor (vote)
Assignee: Gentoo Security
URL: http://svn.php.net/viewvc?view=revisi...
Whiteboard: B3 [glsa]
Keywords:
Depends on: 293888
Blocks:
  Show dependency tree
 
Reported: 2009-12-18 00:57 UTC by Stefan Behte (RETIRED)
Modified: 2010-01-05 21:14 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Stefan Behte (RETIRED) gentoo-dev Security 2009-12-18 00:57:59 UTC
CVE-2009-3558 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3558):
  The posix_mkfifo function in ext/posix/posix.c in PHP 5.2.11 and
  earlier, and 5.3.x before 5.3.1, allows context-dependent attackers
  to bypass open_basedir restrictions, and create FIFO files, via the
  pathname and mode arguments, as demonstrated by creating a .htaccess
  file.
Comment 1 Tobias Heinlein (RETIRED) gentoo-dev 2010-01-05 21:14:24 UTC
GLSA 201001-03.

Thank you everyone, sorry about the delay.