|
|
CVE Reference: CVE-2006-2660 |
|
| NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE. | |
|
Original Page at CVE MITRE: CVE-2006-2660 |
|
|
Description: Buffer consumption vulnerability in the tempnam function in PHP 5.1.4 and 4.x before 4.4.3 allows local users to bypass restrictions and create PHP files with fixed names in other directories via a pathname argument longer than MAXPATHLEN, which prevents a unique string from being appended to the filename. |
|
|
CVE Status: Candidate |
|
|
References: XF http://xforce.iss.net/xforce/xfdb/27049 UBUNTU http://www.ubuntu.com/usn/usn-320-1 ST 1016271 SREASON http://securityreason.com/securityalert/1069 SAID Secunia Advisory: SA21125 MANDRIVA http://frontal2.mandriva.com/security/advisories?name=MDKSA-2006:122 FULLDISC http://archives.neohapsis.com/archives/fulldisclosure/2006-06/0209.html CONFIRM http://cvs.php.net/viewcvs.cgi/php-src/NEWS?view=markup&rev=1.1247.2.920.2.134 BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/436785/100/0/threaded |
|
| Return to the previous page. |
