CVE-2003-0863
CVSS 7.5
Published: 2003-11-17 00:00:00
Last revised: 2016-10-17 22:38:04

[Original] The php_check_safe_mode_include_dir function in fopen_wrappers.c of PHP 4.3.x returns a success value (0) when the safe_mode_include_dir variable is not specified in configuration, which differs from the previous failure value and may allow remote attackers to exploit file include vulnerabilities in PHP applications.


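[CNNVD] PHP Undefined Safe_Mode_Include_Dir Option Safe Mode Bypass Vulnerability (CNNVD-200311-087)

        PHP is a widely used scripting-language interpreter that makes web development convenient and can be embedded in HTML.
        PHP contains a security vulnerability: an attacker can use include() and require() to call external files in restricted directories, allowing a program to bypass Safe Mode.
        The issue occurs when the safe_mode_include_dir PHP directive is not defined. A logic error is reported that, when a file is accessed through an include() or require() call, can cause PHP to run its security check incorrectly, letting an attacker bypass the Safe Mode model.
        In environments that use Safe Mode, such as when web resources are shared by multiple users, this can let an attacker bypass Safe Mode and gain unauthorized access to restricted resources.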

- CVSS (base score)

CVSS score: 7.5 [Severe (HIGH)]
Confidentiality impact: [--]
Integrity impact: [--]
Availability impact: [--]
Attack complexity: [--]
Attack vector: [--]
Authentication: [--]

- CPE (affected platforms and products)

cpe:/a:php:php:4.3
cpe:/a:php:php:4.3.2    PHP PHP 4.3.2
cpe:/a:php:php:4.3.1    PHP PHP 4.3.1

- OVAL (technical details for detection)

No related OVAL definition found

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0863
(official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2003-0863
(official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200311-087
(official data source) CNNVD

- Other links and resources

http://marc.info/?l=bugtraq&m=105839111204227
(UNKNOWN)  BUGTRAQ  20030716 PHP safe mode broken?

- Vulnerability information

PHP Undefined Safe_Mode_Include_Dir Option Safe Mode Bypass Vulnerability
High risk  Design error
2003-11-17 00:00:00 2005-10-20 00:00:00
Local

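- Advisories and patches

        Temporary workaround:
        If you cannot install a patch or upgrade immediately, CNNVD recommends the following measures to reduce the threat:
        * An unofficial patch is as follows:
        In the php_check_safe_mode_include_dir function in main/fopen_wrappers.c, use
        return -1;
        in place of:
        return 0;
        Then recompile PHP and run it.
        Vendor patch:
        PHP
        ---
        The vendor has not yet provided a patch or upgrade. Users of this software are advised to watch the vendor's home page for the latest version:

        http://www.php.net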
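
The fail-open default behind this issue and the effect of the one-line workaround, modelled as an added example (not PHP's source and not code from this page). The function names, the prefix helper and the sample paths are assumptions; only the 0 / -1 return convention and the unset-directive behaviour come from the advisory.

```c
#include <stdio.h>
#include <string.h>

/* Simplified model, NOT the PHP source. Return convention follows the
 * advisory: 0 = path accepted by the include-dir check, -1 = rejected.
 * Paths are assumed to be already canonicalised (no "..", no symlinks). */

/* Hypothetical helper: is path inside dir, matched at a directory boundary? */
static int path_under_dir(const char *path, const char *dir)
{
    size_t n = strlen(dir);
    if (n == 0 || strncmp(path, dir, n) != 0)
        return -1;
    if (dir[n - 1] == '/' || path[n] == '/' || path[n] == '\0')
        return 0;
    return -1;              /* e.g. /usr/share/php-other vs /usr/share/php */
}

/* Behaviour described for 4.3.x: an unset directive falls through to success. */
int check_include_dir_fail_open(const char *path, const char *include_dir)
{
    if (include_dir != NULL && *include_dir != '\0')
        return path_under_dir(path, include_dir);
    return 0;               /* nothing configured, yet every path is accepted */
}

/* With the workaround applied: an unset directive accepts nothing. */
int check_include_dir_fail_closed(const char *path, const char *include_dir)
{
    if (include_dir != NULL && *include_dir != '\0')
        return path_under_dir(path, include_dir);
    return -1;
}

int main(void)
{
    /* Constructed sample inputs. */
    const char *dirs[]  = { NULL, "", "/usr/share/php" };
    const char *paths[] = { "/etc/passwd", "/usr/share/php/lib.php" };
    for (int d = 0; d < 3; d++)
        for (int p = 0; p < 2; p++)
            printf("dir=%-16s path=%-24s open=%2d closed=%2d\n",
                   dirs[d] ? dirs[d] : "(unset)", paths[p],
                   check_include_dir_fail_open(paths[p], dirs[d]),
                   check_include_dir_fail_closed(paths[p], dirs[d]));
    return 0;
}
```

The two variants differ only when the directive is unset or empty, which is the configuration the advisory identifies as affected.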

- Vulnerability information (22911)

PHP 4.3.x Undefined Safe_Mode_Include_Dir Safemode Bypass Vulnerability (EDBID:22911)
php local
2003-07-16 Verified
0 Michal Krause
N/A
source: http://www.securityfocus.com/bid/8201/info

PHP is prone to an issue that may allow programs to bypass Safe Mode by calling external files in restricted directories using include() and require().

The problem is known to occur when the safe_mode_include_dir PHP directive is not defined. A logic error reportedly exists which could result in PHP failing to run a security check when attempting to access a file via an include() or require() call, potentially bypassing the Safe Mode model. This could allow unauthorized access or policy bypass in environments that use Safe Mode, such as in cases where a web server resource is shared by multiple users.

This issue is reported to exist in PHP versions 4.3.0 and later. 

<?
echo("trying to read /etc/passwd");
include("/etc/passwd");
?> 		

- Vulnerability information

11669
PHP php_check_safe_mode_include_dir Function Safemode Bypass

- Vulnerability description

Unknown or Incomplete

- Timeline

2003-07-16 Unknown
Unknown Unknown

- Solution

Unknown or Incomplete

- Related references

- Vulnerability author

Unknown or Incomplete

- Vulnerability information

PHP Undefined Safe_Mode_Include_Dir Safemode Bypass Vulnerability
Design Error 8201
No Yes
2003-07-16 12:00:00 2009-07-11 10:56:00
Discovery of this issue is credited to Michal Krause <michal@krause.cz>.

- Affected program versions

PHP PHP 4.3.2
PHP PHP 4.3.1
+ Mandriva Linux Mandrake 9.1 ppc
+ Mandriva Linux Mandrake 9.1
+ OpenPKG OpenPKG Current
+ S.u.S.E. Linux Personal 8.2
PHP PHP 4.3
Apple Mac OS X Server 10.3.7
Apple Mac OS X Server 10.3.6
Apple Mac OS X Server 10.3.5
Apple Mac OS X Server 10.3.4
Apple Mac OS X Server 10.3.3
Apple Mac OS X Server 10.3.2
Apple Mac OS X Server 10.3.1
Apple Mac OS X Server 10.3
Apple Mac OS X Server 10.2.8
Apple Mac OS X Server 10.2.7
Apple Mac OS X Server 10.2.6
Apple Mac OS X Server 10.2.5
Apple Mac OS X Server 10.2.4
Apple Mac OS X Server 10.2.3
Apple Mac OS X Server 10.2.2
Apple Mac OS X Server 10.2.1
Apple Mac OS X Server 10.2
Apple Mac OS X Server 10.1.5
Apple Mac OS X Server 10.1.4
Apple Mac OS X Server 10.1.3
Apple Mac OS X Server 10.1.2
Apple Mac OS X Server 10.1.1
Apple Mac OS X Server 10.1
Apple Mac OS X Server 10.0
Apple Mac OS X 10.3.7
Apple Mac OS X 10.3.6
Apple Mac OS X 10.3.5
Apple Mac OS X 10.3.4
Apple Mac OS X 10.3.3
Apple Mac OS X 10.3.2
Apple Mac OS X 10.3.1
Apple Mac OS X 10.3
Apple Mac OS X 10.2.8
Apple Mac OS X 10.2.7
Apple Mac OS X 10.2.6
Apple Mac OS X 10.2.5
Apple Mac OS X 10.2.4
Apple Mac OS X 10.2.3
Apple Mac OS X 10.2.2
Apple Mac OS X 10.2.1
Apple Mac OS X 10.2
Apple Mac OS X 10.1.5
Apple Mac OS X 10.1.4
Apple Mac OS X 10.1.3
Apple Mac OS X 10.1.2
Apple Mac OS X 10.1.1
Apple Mac OS X 10.1
Apple Mac OS X 10.1
Apple Mac OS X 10.0.4
Apple Mac OS X 10.0.3
Apple Mac OS X 10.0.2
Apple Mac OS X 10.0.1
Apple Mac OS X 10.0 3
Apple Mac OS X 10.0
Apple Mac OS X Server 10.3.8
Apple Mac OS X 10.3.8

- Unaffected program versions

Apple Mac OS X Server 10.3.8
Apple Mac OS X 10.3.8

- Vulnerability discussion

PHP is prone to an issue that may allow programs to bypass Safe Mode by calling external files in restricted directories using include() and require().

The problem is known to occur when the safe_mode_include_dir PHP directive is not defined. A logic error reportedly exists which could result in PHP failing to run a security check when attempting to access a file via an include() or require() call, potentially bypassing the Safe Mode model. This could allow unauthorized access or policy bypass in environments that use Safe Mode, such as in cases where a web server resource is shared by multiple users.

This issue is reported to exist in PHP versions 4.3.0 and later.

- Exploit

The following proof-of-concept has been made available:

<?
echo("trying to read /etc/passwd");
include("/etc/passwd");
?>

- Solution

This issue reportedly does not exist in PHP versions prior to 4.3.0, though this has not been confirmed by Symantec.

Apple Computers has released advisory APPLE-SA-2005-01-25 along with a security update dealing with this and other issues. Please see the referenced advisory for more information.

Apple Computers has released Mac OS X version 10.3.8 dealing with this issue. This upgrade includes the security patches shipped with the referenced security update.


Apple Mac OS X 10.2.8

Apple Mac OS X Server 10.2.8

Apple Mac OS X Server 10.3.7

Apple Mac OS X 10.3.7
