PHP 'tempname()' 'safe_mode' Restriction-Bypass Vulnerability

Bug #447752 reported by BJ Dierkes
This bug affects 2 people
Affects: IUS Community Project
Status: Fix Released
Importance: High
Assigned to: BJ Dierkes
Milestone:
BJ Dierkes (derks) wrote :

PHP 'tempname()' 'safe_mode' Restriction-Bypass Vulnerability

Bugtraq ID: 36555
Class: Design Error
CVE:
Remote: No
Local: Yes
Published: Sep 30 2009 12:00AM
Updated: Sep 30 2009 08:00PM
Credit: Grzegorz Stachowiak from SecurityReason
Vulnerable: PHP PHP 5.3
PHP PHP 5.2.11

BJ Dierkes (derks) wrote :

# /[svn]/php/php-src/branches/PHP_5_2/ext/standard/file.c (PHP)
# /[svn]/php/php-src/branches/PHP_5_3/ext/standard/file.c (PHP)
# PHP 5.2.11 tempnam() safe_mode bypass (Security Reason)
# PHP Homepage (PHP)

tags: added: php53 security
BJ Dierkes (derks)
visibility: private → public
BJ Dierkes (derks) wrote :

Packages for php52 and php53 that resolve this vulnerability have been pushed to ius-el5 stable.

======================================================================
Build: php52-5.2.11-2.ius
----------------------------------------------------------------------

Package Description:

PHP is an HTML-embedded scripting language. PHP attempts to make it
easy for developers to write dynamically generated webpages.

---

Update Information:

%changelog
- Only install /etc/rpm/macros.pear if building with pear. Resolves
  LaunchPad Bug #448260.
- Added Patch309: php-5.2.11-bug447752.patch resolves LaunchPad Bug
  447752, Security Focus Bugtraq ID 36555 PHP tempname() safe_mode
  Restriction-Bypass Vulnerability

---

References:

 [ 1 ] Bug #447752 - PHP 'tempname()' 'safe_mode' Restriction-Bypass Vulnerability
       https://bugs.launchpad.net/ius/+bug/447752
 [ 2 ] Bug #448260 - conflict between php53-devel and php53-pear
       https://bugs.launchpad.net/ius/+bug/447752

======================================================================
Build: php53-5.3.0-5.ius
----------------------------------------------------------------------

Package Description:

PHP is an HTML-embedded scripting language. PHP attempts to make it
easy for developers to write dynamically generated webpages.

---

Update Information:

%changelog
* Sat Oct 10 2009 BJ Dierkes <email address hidden> - 5.3.0-5.ius
- Only install /etc/rpm/macros.pear if building with pear. Resolves
  LaunchPad Bug #448260.
- Added Patch309: php-5.3.0-bug447752.patch resolves LaunchPad Bug
  447752, Security Focus Bugtraq ID 36555 PHP tempname() safe_mode
  Restriction-Bypass Vulnerability

---

References:

 [ 1 ] Bug #447752 - PHP 'tempname()' 'safe_mode' Restriction-Bypass Vulnerability
       https://bugs.launchpad.net/ius/+bug/447752
 [ 2 ] Bug #448260 - conflict between php53-devel and php53-pear
       https://bugs.launchpad.net/ius/+bug/447752

Changed in ius:
status: New → Fix Released
Changed in ius:
status: Fix Released → Fix Committed
status: Fix Committed → Fix Released