   VULNERABILITY NOTE

 

CERT-In Vulnerability Note CIVN-2010-38
PHP session.save_path safe_mode and open_basedir bypass Vulnerability

Original Issue Date: March 02, 2010

Severity Rating: Medium

Systems Affected

  • PHP 5.2.12
  • PHP 5.3.1

Description

A vulnerability has been reported in PHP that could allow a remote attacker to bypass security restrictions. The vulnerability in PHP is due to a "safe_mode" restriction bypass issue. Successful exploits could allow an attacker to write session files in arbitrary directories. This issue occurs because the "session_save_path()" function fails to properly handle crafted parameters, allowing attackers to use "../" directory-traversal sequences to specify arbitrary local directories.

Solution

Upgrade to PHP 5.2.13 or later
http://www.php.net/
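
As defense in depth alongside the upgrade, application code that sets the session directory at runtime can canonicalize the path and confirm it stays inside an approved base before passing it to session_save_path(). The following is an added example, not code from CERT-In or the PHP project; the helper name resolve_session_dir() and the demo directories are hypothetical.

```php
<?php
declare(strict_types=1);

/**
 * Hypothetical helper (added example): return the canonical form of $candidate
 * if it is an existing directory inside one of $allowedBases, otherwise null.
 */
function resolve_session_dir(string $candidate, array $allowedBases): ?string
{
    // Plain directories only: reject NUL bytes and ';', the field separator
    // of the documented "N;/path" form of session.save_path.
    if ($candidate === '' || strpos($candidate, ';') !== false
        || strpos($candidate, "\0") !== false) {
        return null;
    }
    // realpath() resolves "../" and symlinks; it returns false for missing paths.
    $real = realpath($candidate);
    if ($real === false || !is_dir($real)) {
        return null;
    }
    foreach ($allowedBases as $base) {
        $baseReal = realpath($base);
        if ($baseReal === false) {
            continue;
        }
        // Compare with trailing separators so /srv/app does not match /srv/app2.
        $prefix = rtrim($baseReal, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
        if (strncmp($real . DIRECTORY_SEPARATOR, $prefix, strlen($prefix)) === 0) {
            return $real;
        }
    }
    return null;
}

// Constructed demo layout: an application base with a "sessions" subdirectory.
$base = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'civn_demo_' . getmypid();
mkdir($base . '/app/sessions', 0700, true);
$allowed = [$base . '/app'];

$candidates = [
    $base . '/app/sessions',         // inside the allowed base
    $base . '/app/sessions/../../',  // "../" sequences climb out of the base
    $base . '/app/sessions;' . $base // contains the ';' separator
];
foreach ($candidates as $c) {
    $dir = resolve_session_dir($c, $allowed);
    echo $c, ' => ', $dir === null ? 'rejected' : "accepted ($dir)", PHP_EOL;
    // Application code would call session_save_path($dir) only when $dir !== null.
}
rmdir($base . '/app/sessions'); rmdir($base . '/app'); rmdir($base);
```

This check does not replace the upgrade: it only constrains paths the application itself passes in.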

Vendor Information

PHP
http://www.php.net/

References

PHP
http://www.php.net/

SecurityFocus
http://www.securityfocus.com/bid/38182

SecurityReason
http://securityreason.com/achievement_securityalert/82

Sans
http://www.sans.org/newsletters/risk/display.php?v=9&i=8&rss=Y#10.8.10

Seclists.org
http://seclists.org/fulldisclosure/2010/Feb/208

Disclaimer

The information provided herein is on an "as is" basis, without warranty of any kind.

Contact Information


Phone: +91-11-24368572

Postal address

Indian Computer Emergency Response Team (CERT-In)
Ministry of Communications and Information Technology
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003