|
|
 |
| New User, Welcome! Login |
PHP 5.3.1 open_basedir bypass
| From: |
cxib securityreason com |
| To: |
bugtraq securityfocus com |
| Cc: |
|
| Subject: |
PHP 5.3.1 open_basedir bypass |
| Date: |
Thu - Dec 03, 2009 04:42 PM |
hi,
in php 5.3.1 security changelog, we can read, that safe_mode bypass in tempnam() has been already fixed. But safe_mode in 5.3 line is deprecated. We can understand security fix for open_basedir bypass, but not for safe_mode in 5.3.
Annoying is the fact, that exploit for bypass open_basedir or safe_mode in php 5.3.1 is avaliable in
http://securityreason.com/achievement_exploitalert/14
we can use symlink trick like in
http://securityreason.com/achievement_securityalert/70
The issue has been reported to PHP, but did not obtain a meaningful response.
Very similar issue has been reproted in October 2006 by Stefan Esser (SREASON:1692)
http://securityreason.com/securityalert/1692
This issue has been fixed.
Small difference, with this is that we need create fake directories structure.
best,
Maksymilian Arciemowicz
cxibTAsecurityreasonTODcom
|
|
|
Copyright © 1995-2012 LinuxRocket.net. All rights reserved.
Nearly all of LinuxRocket's features are free. Be kind and donate to the cause!
