CVE-2006-5178 - Secunia Advisories - Vulnerability Intelligence

CVE Reference: CVE-2006-5178
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2006-5178

Description: Race condition in the symlink function in PHP 5.1.6 and earlier allows local users to bypass the open_basedir restriction by using a combination of symlink, mkdir, and unlink functions to change the file path after the open_basedir check and before the file is opened by the underlying system, as demonstrated by symlinking a symlink into a subdirectory, to point to a parent directory via .. (dot dot) sequences, and then unlinking the resulting symlink.

CVE Status: Candidate

References: XF http://xforce.iss.net/xforce/xfdb/29340 TURBO http://www.turbolinux.com/security/2006/TLSA-2006-38.txt ST 1016977 SREASON http://securityreason.com/securityalert/1692 SAID Secunia Advisory: SA22424 Secunia Advisory: SA22235 OPENPKG http://www.securityfocus.com/archive/1/archive/1/448953/100/0/threaded MISC http://www.hardened-php.net/advisory_082006.132.html http://www.neosecurityteam.net/index.php?action=advisories&id=26 MANDRIVA http://frontal2.mandriva.com/security/advisories?name=MDKSA-2006:185 FULLDISC http://lists.grok.org.uk/pipermail/full-disclosure/2006-October/049850.html BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/448020/100/0/threaded http://www.securityfocus.com/archive/1/archive/1/447649/100/0/threaded BID 20326

Return to the previous page.