Rapid7 Vulnerability & Exploit Database

SUSE-SA:2008:004: php4, php5

Free InsightVM Trial No credit card necessary

Watch Demo See how it all works

Back to Search

SUSE-SA:2008:004: php4, php5

Severity

CVSS

(AV:N/AC:L/Au:N/C:P/I:P/A:P)

Published

01/29/2008

Created

07/25/2018

Added

03/10/2008

Modified

11/18/2015

Description

Directory traversal vulnerability in PHP 5.2.4 and earlier allows attackers to bypass open_basedir restrictions and possibly execute arbitrary code via a .. (dot dot) in the dl function.

Solution(s)

References

https://attackerkb.com/topics/cve-2005-4872
APPLE-SA-2007-12-17
APPLE-SA-2008-03-18
24261
26346
26462
26550
26725
26727
TA07-352A
CVE - 2005-4872
CVE - 2006-7225
CVE - 2006-7226
CVE - 2006-7227
CVE - 2006-7228
CVE - 2006-7230
CVE - 2007-1659
CVE - 2007-1660
CVE - 2007-2872
CVE - 2007-3996
CVE - 2007-3998
CVE - 2007-4658
CVE - 2007-4661
CVE - 2007-4782
CVE - 2007-4784
CVE - 2007-4825
CVE - 2007-4840
CVE - 2007-5898
DSA-1399
DSA-1444
DSA-1570
DSA-1578
DSA-1613
36083
38686
38687
38916
45902
OVAL10080
OVAL10363
OVAL10408
OVAL10562
OVAL10603
OVAL10810
OVAL10897
OVAL10911
OVAL10985
OVAL11147
OVAL11545
OVAL11615
OVAL9424
OVAL9725
RHSA-2007:0888
RHSA-2007:0889
RHSA-2007:0890
RHSA-2007:0891
RHSA-2007:0967
RHSA-2007:0968
RHSA-2007:1052
RHSA-2007:1059
RHSA-2007:1063
RHSA-2007:1065
RHSA-2007:1068
RHSA-2007:1076
RHSA-2007:1077
RHSA-2008:0505
RHSA-2008:0544
RHSA-2008:0545
RHSA-2008:0546
RHSA-2008:0582
SUSE-SA:2007:044
SUSE-SA:2007:062
SUSE-SA:2008:004
http://bugs.gentoo.org/show_bug.cgi?id=198976
http://bugs.gentoo.org/show_bug.cgi?id=201546
http://cvs.php.net/viewvc.cgi/php-src/ext/standard/string.c?r1=1.445.2.14.2.58&r2=1.445.2.14.2.59
http://docs.info.apple.com/article.html?artnum=307179
http://docs.info.apple.com/article.html?artnum=307562
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01345501
http://lists.vmware.com/pipermail/security-announce/2008/000005.html
http://lists.vmware.com/pipermail/security-announce/2008/000014.html
http://mail.gnome.org/archives/gtk-devel-list/2007-November/msg00022.html
http://scary.beasts.org/security/CESA-2007-006.html
http://securityreason.com/securityalert/3103
http://securityreason.com/securityalert/3109
http://securityreason.com/securityalert/3114
http://securityreason.com/securityalert/3119
http://securityreason.com/securityalert/3122
http://secweb.se/en/advisories/php-imagecopyresized-integer-overflow/
http://secweb.se/en/advisories/php-imagecreatetruecolor-integer-overflow/
http://secweb.se/en/advisories/php-wordwrap-vulnerability/
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.482863
http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.335136
http://support.avaya.com/elmodocs2/security/ASA-2007-449.htm
http://support.avaya.com/elmodocs2/security/ASA-2007-488.htm
http://support.avaya.com/elmodocs2/security/ASA-2007-493.htm
http://support.avaya.com/elmodocs2/security/ASA-2007-505.htm
http://www.debian.org/security/2007/dsa-1399
http://www.debian.org/security/2008/dsa-1444
http://www.debian.org/security/2008/dsa-1578
http://www.frsirt.com/english/advisories/2007/2061
http://www.frsirt.com/english/advisories/2007/3023
http://www.frsirt.com/english/advisories/2007/3386
http://www.frsirt.com/english/advisories/2007/3725
http://www.frsirt.com/english/advisories/2007/3790
http://www.frsirt.com/english/advisories/2007/4238
http://www.frsirt.com/english/advisories/2008/0398
http://www.frsirt.com/english/advisories/2008/0637
http://www.frsirt.com/english/advisories/2008/0924/references
http://www.frsirt.com/english/advisories/2008/1234/references
http://www.mandriva.com/security/advisories?name=MDKSA-2007:187
http://www.mandriva.com/security/advisories?name=MDKSA-2007:211
http://www.mandriva.com/security/advisories?name=MDKSA-2007:212
http://www.mandriva.com/security/advisories?name=MDKSA-2007:213
http://www.mandriva.com/security/advisories?name=MDVSA-2008:012
http://www.mandriva.com/security/advisories?name=MDVSA-2008:030
http://www.novell.com/linux/security/advisories/2008_04_php.html
http://www.pcre.org/changelog.txt
http://www.php.net/ChangeLog-4.php
http://www.php.net/ChangeLog-5.php#5.2.4
http://www.php.net/ChangeLog-5.php#5.2.5
http://www.php.net/releases/4_4_8.php
http://www.php.net/releases/5_2_3.php
http://www.php.net/releases/5_2_4.php
http://www.php.net/releases/5_2_5.php
http://www.sec-consult.com/291.html
http://www.securityfocus.com/archive/1/478726/100/0/threaded
http://www.securityfocus.com/archive/1/archive/1/470244/100/0/threaded
http://www.securityfocus.com/archive/1/archive/1/478626/100/0/threaded
http://www.securityfocus.com/archive/1/archive/1/478627/100/0/threaded
http://www.securityfocus.com/archive/1/archive/1/478630/100/0/threaded
http://www.securityfocus.com/archive/1/archive/1/478730/100/0/threaded
http://www.securityfocus.com/archive/1/archive/1/478985/100/0/threaded
http://www.securityfocus.com/archive/1/archive/1/478988/100/0/threaded
http://www.securityfocus.com/archive/1/archive/1/478989/100/0/threaded
http://www.securityfocus.com/archive/1/archive/1/483357/100/0/threaded
http://www.securityfocus.com/archive/1/archive/1/483579/100/0/threaded
http://www.securityfocus.com/archive/1/archive/1/488457/100/0/threaded
http://www.securityfocus.com/archive/1/archive/1/491693/100/0/threaded
http://www.trustix.org/errata/2007/0023/
http://www.trustix.org/errata/2007/0026/
http://www.ubuntu.com/usn/usn-549-2
http://www.ubuntu.com/usn/usn-557-1
http://www.ubuntulinux.org/support/documentation/usn/usn-547-1
http://www.ubuntulinux.org/support/documentation/usn/usn-549-1
https://bugzilla.redhat.com/show_bug.cgi?id=383371
https://bugzilla.redhat.com/show_bug.cgi?id=384761
https://bugzilla.redhat.com/show_bug.cgi?id=384781
https://bugzilla.redhat.com/show_bug.cgi?id=384801
https://issues.rpath.com/browse/RPL-1693
https://issues.rpath.com/browse/RPL-1702
https://issues.rpath.com/browse/RPL-1738
https://issues.rpath.com/browse/RPL-1943
https://launchpad.net/bugs/173043
https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00354.html
https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00397.html
https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00181.html
36377
36382
36383
36457
36458
36461
36528
38272
38273
39398
40020

Advanced vulnerability management analytics and reporting.

Key Features

Free InsightVM Trial View All Features

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;