297374 – (CVE-2009-4018) <dev-lang/php-{5.2.11,5.3.2}: proc_open() safe_mode bypass (CVE-2009-4018)

Bug 297374 (CVE-2009-4018) - <dev-lang/php-{5.2.11,5.3.2}: proc_open() safe_mode bypass (CVE-2009-4018)

Summary: <dev-lang/php-{5.2.11,5.3.2}: proc_open() safe_mode bypass (CVE-2009-4018)

Status:	RESOLVED FIXED

Alias:	CVE-2009-4018

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	High minor (vote)
Assignee:	Gentoo Security

URL:	http://svn.php.net/viewvc/php/php-src...
Whiteboard:	B3 [noglsa]
Keywords:

Depends on:
Blocks:

Reported:	2009-12-18 01:14 UTC by Stefan Behte (RETIRED)
Modified:	2011-01-02 19:30 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Stefan Behte (RETIRED) gentoo-dev

2009-12-18 01:14:11 UTC

CVE-2009-4018 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4018):
  The proc_open function in ext/standard/proc_open.c in PHP before
  5.2.11 and 5.3.x before 5.3.1 does not enforce the (1)
  safe_mode_allowed_env_vars and (2) safe_mode_protected_env_vars
  directives, which allows context-dependent attackers to execute
  programs with an arbitrary environment via the env parameter, as
  demonstrated by a crafted value of the LD_LIBRARY_PATH environment
  variable.

Comment 1 Matti Bickel (RETIRED) gentoo-dev

2010-12-19 15:30:39 UTC

This is over a year old. Security, please close this.

Comment 2 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev

2011-01-02 19:04:08 UTC

safe_mode bypass + age -> vote No GLSA.

Comment 3 Tim Sammut (RETIRED) gentoo-dev

2011-01-02 19:30:20 UTC

(In reply to comment #2)
> safe_mode bypass + age -> vote No GLSA.
> 

Agreed, closing noglsa.