CVE Reference: CVE-2007-4652

NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE:
CVE-2007-4652

Description:
The session extension in PHP before 5.2.4 might allow local users to bypass open_basedir restrictions via a session file that is a symlink.

CVE Status:
Candidate

References:

XF
  http://xforce.iss.net/xforce/xfdb/36387

TRUSTIX
  http://www.trustix.org/errata/2007/0026/

SAID
  Secunia Advisory: SA26642
  Secunia Advisory: SA26822
  Secunia Advisory: SA26838
  Secunia Advisory: SA27377
  Secunia Advisory: SA27102

GENTOO
  http://www.gentoo.org/security/en/glsa/glsa-200710-02.xml

CONFIRM
  http://www.php.net/releases/5_2_4.php
  http://www.php.net/ChangeLog-5.php#5.2.4


Return to the previous page.