iPolicy Networks Security Advisory
 

PHP tempnam function safe_mode Restriction Bypass Vulnerability

Date Discovered: 03/26/2010
Severity: High
Application Affected: PHP 5.2.13 and earlier
Identifiers: CVE-2010-1129
Synopsis
PHP version 5.2.13 and earlier is affected by a restriction bypass vulnerability. This could allow an attacker to access files in unauthorized locations or create files in any writable directory.
Recommended Actions
Apply the update as directed by the vendor at:
http://www.php.net/releases/5_2_13.php
Threat Analysis
PHP is an HTML-embedded scripting language. PHP version 5.2.13 and earlier is affected by a restriction bypass vulnerability. The issue is due to improper handling of directory pathnames that lack a trailing / (slash) character.

An attacker could exploit this vulnerability to bypass security restrictions. Successful exploitation of the vulnerability could allow an attacker to access files in unauthorized locations or create files in any writable directory.
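
Application code can avoid depending on how the interpreter treats a directory argument without a trailing slash by validating and normalising the directory itself before calling tempnam(). The following is an added example, not code from this advisory or from PHP; the helper name safe_tempnam and the demo paths are hypothetical.

```php
<?php
// Added example: hypothetical helper, not part of PHP or of this advisory.
// Creates a temp file only inside an allowed base directory, independent of
// whether the caller supplied the directory with or without a trailing slash.
function safe_tempnam(string $baseDir, string $requestedDir, string $prefix = 'tmp'): string
{
    // Resolve symlinks and ".." so every comparison uses canonical paths.
    $base = realpath($baseDir);
    $dir  = realpath($requestedDir);
    if ($base === false || $dir === false || !is_dir($dir)) {
        throw new RuntimeException('directory does not exist');
    }

    // Force exactly one trailing separator on both paths before comparing:
    // "/srv/app/tmp" and "/srv/app/tmp/" become the same directory, and
    // "/srv/app/tmp-other" is not mistaken for a child of "/srv/app/tmp".
    $base = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    $dir  = rtrim($dir, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if (strncmp($dir, $base, strlen($base)) !== 0) {
        throw new RuntimeException('directory is outside the allowed base');
    }

    $file = tempnam($dir, $prefix);
    if ($file === false) {
        throw new RuntimeException('tempnam() failed');
    }

    // tempnam() may fall back to the system temp directory when it cannot
    // write to $dir; confirm the file really landed where it was requested.
    $created = realpath(dirname($file));
    if ($created === false
        || rtrim($created, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR !== $dir) {
        @unlink($file);
        throw new RuntimeException('temp file was created outside the requested directory');
    }
    return $file;
}

// Constructed demo paths under the system temp directory.
$base = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'advisory-demo';
@mkdir($base . DIRECTORY_SEPARATOR . 'uploads', 0700, true);
// Directory passed without a trailing slash, inside the base.
echo safe_tempnam($base, $base . DIRECTORY_SEPARATOR . 'uploads'), PHP_EOL;
try {
    safe_tempnam($base, dirname($base)); // parent of the base directory
} catch (RuntimeException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}
```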
References

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1129

Write-up by: Anupam Kumar