ius-coredev team mailing list archive

Thread
Date

[Bug 462057] Re: PHP 'posix_mkfifo()' 'open_basedir' Restriction Bypass Vulnerability

To: ius-coredev@xxxxxxxxxxxxxxxxxxx
From: BJ Dierkes <wdierkes@xxxxxxxxxxxxx>
Date: Tue, 27 Oct 2009 20:01:45 -0000
Reply-to: Bug 462057 <462057@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Fixes pushed to ius-el5 stable, and ius-el4 stable (php52 only)

** Changed in: ius
       Status: In Progress => Fix Released

** Changed in: ius/php52
       Status: In Progress => Fix Released

** Changed in: ius/php53
       Status: New => Fix Released

-- 
PHP 'posix_mkfifo()' 'open_basedir' Restriction Bypass Vulnerability
https://bugs.launchpad.net/bugs/462057
You received this bug notification because you are a member of IUS Core
Development, which is a direct subscriber.

Status in IUS Community Project: Fix Released
Status in IUS Community Project php52 series: Fix Released
Status in IUS Community Project php53 series: Fix Released

Bug description:
http://www.securityfocus.com/bid/36554/info

Bugtraq ID:  	 36554
Class: 	Design Error
CVE: 	
Remote: 	No
Local: 	Yes
Published: 	Sep 30 2009 12:00AM
Updated: 	Sep 30 2009 08:00PM
Credit: 	Grzegorz Stachowiak
Vulnerable: 	PHP PHP 5.3
PHP PHP 5.2.11 


http://svn.php.net/viewvc/php/php-src/branches/PHP_5_2/ext/posix/posix.c?view=log
http://svn.php.net/viewvc/php/php-src/branches/PHP_5_3/ext/posix/posix.c?view=log

http://securityreason.com/securityalert/6600

References

[Bug 462057] [NEW] PHP 'posix_mkfifo()' 'open_basedir' Restriction Bypass Vulnerability
From: BJ Dierkes, 2009-10-27