CVE-2005-3054
CVSS 2.1
Published: 2005-09-26 15:03:00
Last modified: 2011-03-07 21:25:41

[Original] fopen_wrappers.c in PHP 4.4.0, and possibly other versions, does not properly restrict access to other directories when the open_basedir directive includes a trailing slash, which allows PHP scripts in one directory to access files in other directories whose names are substrings of the original directory.


[CNNVD] PHP open_basedir security restriction bypass vulnerability (CNNVD-200509-247)

        PHP is a widely used general-purpose scripting language that is especially suited to web development and can be embedded in HTML.
        The open_basedir check in PHP's fopen_wrappers.c contains an input validation flaw: a script that is supposed to be confined to its own directory can open files outside it.
        When the open_basedir directive ends with a trailing slash ("/"), fopen_wrappers.c in PHP 4.4.0 (and possibly other versions) does not correctly restrict access to other directories. The configured value is still matched as a plain string prefix rather than as a directory name, so a PHP script in one directory can access files in any other directory whose path starts with the same characters (for example /home/user10 when open_basedir is set to /home/user1/).
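
The prefix comparison at the root of this bug, reconstructed as an added illustration. This is not the code from PHP's fopen_wrappers.c; the function names and the sample paths are my own, and the /home/user1/ versus /home/user10 case is the one the Ubuntu advisory on this page uses. basedir_allows_vulnerable() mirrors the described behaviour of PHP 4.4.0: both the configured open_basedir value and the requested path are canonicalised, which drops the trailing slash, and the remainder is compared with strncmp as a bare prefix, so /home/user1/ admits /home/user10/. basedir_allows_fixed() keeps the trailing slash significant: after the prefix match it additionally requires that the requested path either is the directory itself or continues with a separator. The canonicalisation here is deliberately minimal (it only strips trailing separators); a real check must first resolve relative components, ".." and symlinks, as PHP's own path expansion does, or the comparison is meaningless.

```c
#include <stdio.h>
#include <string.h>

/* Minimal canonicalisation: copy the path and strip trailing '/' characters
 * (keeping a lone "/"). This stands in for the path resolution PHP performs
 * before the open_basedir comparison; it does NOT resolve "..", "." or
 * symlinks, which a real implementation must do first. */
static void canonicalise(const char *in, char *out, size_t outlen)
{
    size_t n = strlen(in);
    if (n >= outlen)
        n = outlen - 1;
    memcpy(out, in, n);
    out[n] = '\0';
    while (n > 1 && out[n - 1] == '/')
        out[--n] = '\0';
}

/* Reconstruction of the behaviour described for PHP 4.4.0 / 5.0.5 (not the
 * original code): the trailing slash of open_basedir is lost during
 * canonicalisation and what is left is matched as a bare prefix.
 * Returns 1 if access would be allowed, 0 otherwise. */
int basedir_allows_vulnerable(const char *basedir, const char *path)
{
    char rb[4096], rp[4096];
    canonicalise(basedir, rb, sizeof rb);
    canonicalise(path, rp, sizeof rp);
    return strncmp(rb, rp, strlen(rb)) == 0;
}

/* Corrected semantics: a value without a trailing slash stays a prefix
 * (PHP's documented behaviour); a value ending in '/' admits only that
 * directory and paths beneath it. */
int basedir_allows_fixed(const char *basedir, const char *path)
{
    char rb[4096], rp[4096];
    size_t blen = strlen(basedir), rblen;

    canonicalise(basedir, rb, sizeof rb);
    canonicalise(path, rp, sizeof rp);
    rblen = strlen(rb);

    if (strncmp(rb, rp, rblen) != 0)
        return 0;                       /* not even a prefix match */
    if (blen == 0 || basedir[blen - 1] != '/')
        return 1;                       /* no trailing slash: prefix semantics */
    if (rb[rblen - 1] == '/')
        return 1;                       /* basedir is "/" itself */
    /* trailing slash: the match must end exactly at a directory boundary */
    return rp[rblen] == '\0' || rp[rblen] == '/';
}

int main(void)
{
    /* Constructed sample paths (not taken from any real system). */
    const char *basedir = "/home/user1/";
    const char *probes[] = {
        "/home/user1/index.php",
        "/home/user1",
        "/home/user10/secret.txt",
        "/home/user2/secret.txt",
    };
    size_t i;

    printf("open_basedir = %s\n", basedir);
    for (i = 0; i < sizeof probes / sizeof probes[0]; i++)
        printf("%-26s vulnerable=%d fixed=%d\n", probes[i],
               basedir_allows_vulnerable(basedir, probes[i]),
               basedir_allows_fixed(basedir, probes[i]));
    return 0;
}
```

Running it shows /home/user10/secret.txt accepted by the vulnerable check and rejected by the fixed one, while /home/user2/secret.txt is rejected by both: the bypass only reaches directories whose names extend the configured one, which is exactly the shared-hosting layout (user1, user10, user11, ...) where it matters most.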

- CVSS (base score)

CVSS score: 2.1 [LOW]
Confidentiality impact: PARTIAL [information disclosure is likely]
Integrity impact: NONE [no impact on system integrity]
Availability impact: NONE [no impact on system availability]
Access complexity: LOW [no specialised access conditions are required]
Access vector: LOCAL [exploitation requires physical access or a local account]
Authentication: NONE [no authentication is required to exploit]

Note on the vector: the LOCAL rating reflects that the attacker must already be able to run PHP code on the server, which on a shared host is any hosting customer; the SecurityFocus record further down classifies the same issue as remotely exploitable. In either reading the impact is access to files outside the directory open_basedir was meant to enforce.

- CPE (affected platforms and products)

Product and version information (CPE) not available

- OVAL (technical details for detection)

No matching OVAL definitions found

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3054
(official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-3054
(official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200509-247
(official data source) CNNVD

- Other links and resources

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=323585
(VENDOR_ADVISORY)  CONFIRM  http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=323585
http://www.vupen.com/english/advisories/2005/2254
(UNKNOWN)  VUPEN  ADV-2005-2254
http://www.vupen.com/english/advisories/2005/1862
(UNKNOWN)  VUPEN  ADV-2005-1862
http://www.ubuntulinux.org/support/documentation/usn/usn-207-1
(UNKNOWN)  UBUNTU  USN-207-1
http://www.securityfocus.com/bid/14957
(UNKNOWN)  BID  14957
http://www.php.net/release_4_4_1.php
(UNKNOWN)  CONFIRM  http://www.php.net/release_4_4_1.php
http://www.mandriva.com/security/advisories?name=MDKSA-2005:213
(UNKNOWN)  MANDRIVA  MDKSA-2005:213
http://www.gentoo.org/security/en/glsa/glsa-200511-08.xml
(UNKNOWN)  GENTOO  GLSA-200511-08
http://secunia.com/advisories/17557
(UNKNOWN)  SECUNIA  17557
http://secunia.com/advisories/17510
(UNKNOWN)  SECUNIA  17510
http://secunia.com/advisories/17371
(UNKNOWN)  SECUNIA  17371
http://secunia.com/advisories/17229
(UNKNOWN)  SECUNIA  17229
http://lists.trustix.org/pipermail/tsl-announce/2005-October/000354.html
(UNKNOWN)  TRUSTIX  TSLSA-2005-0059

- Vulnerability information

PHP open_basedir security restriction bypass vulnerability
Severity: low   Type: design error
Published: 2005-09-26 00:00:00   Updated: 2005-10-20 00:00:00
Remote
Description: as in the CNNVD entry (CNNVD-200509-247) above.

- Advisories and patches

        The fix is included in PHP 4.4.1 (see http://www.php.net/release_4_4_1.php); PHP 4.4.1 and 5.1 are listed as not affected. Users of PHP 4.4.0, 5.0.5 or earlier should upgrade to one of those releases or apply the distribution updates referenced above (Debian bug #323585, Ubuntu USN-207-1, Mandriva MDKSA-2005:213, Gentoo GLSA-200511-08, Trustix TSLSA-2005-0059). Vendor homepage:
        http://www.php.net

- Vulnerability information (F40777)

usn-207-1.txt (PacketStormID:F40777)
2005-10-18 00:00:00
Martin Pitt  security.ubuntu.com
advisory,php
linux,ubuntu
CVE-2005-3054

Ubuntu Security Notice USN-207-1 - A bug has been found in the handling of the open_basedir directive. Contrary to the specification, the value of open_basedir was handled as a prefix instead of a proper directory name even if it was terminated by a slash ('/'). For example, this allowed PHP scripts to access the directory /home/user10 when open_basedir was configured to '/home/user1/'.

===========================================================
Ubuntu Security Notice USN-207-1	   October 17, 2005
php4 vulnerability
CAN-2005-3054
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)
Ubuntu 5.04 (Hoary Hedgehog)

The following packages are affected:

libapache-mod-php4
libapache2-mod-php4

The problem can be corrected by upgrading the affected package to
version 4:4.3.8-3ubuntu7.13 (for Ubuntu 4.10), or
4:4.3.10-10ubuntu4.2 (for Ubuntu 5.04). In general, a standard system
upgrade is sufficient to effect the necessary changes.

Details follow:

A bug has been found in the handling of the open_basedir directive.
Contrary to the specification, the value of open_basedir
was handled as a prefix instead of a proper directory name even if it
was terminated by a slash ('/'). For example, this allowed PHP scripts
to access the directory /home/user10 when open_basedir was configured
to '/home/user1/'.


Updated packages for Ubuntu 4.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/p/php4/php4_4.3.8-3ubuntu7.13.diff.gz
      Size/MD5:   620743 3b06c0da0313bc59be31ac77ead260bc
    http://security.ubuntu.com/ubuntu/pool/main/p/php4/php4_4.3.8-3ubuntu7.13.dsc
      Size/MD5:     1626 031af3bb3149f3f4e651a1582d9aee09
    http://security.ubuntu.com/ubuntu/pool/main/p/php4/php4_4.3.8.orig.tar.gz
      Size/MD5:  4832570 dd69f8c89281f088eadf4ade3dbd39ee

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/p/php4/php4-dev_4.3.8-3ubuntu7.13_all.deb
      Size/MD5:   332792 ef203ed6e04985389038a2668e2b2bae
    http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-pear_4.3.8-3ubuntu7.13_all.deb
      Size/MD5:   334636 40cb1635e3ed9860d210cb5054e76332

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/p/php4/libapache2-mod-php4_4.3.8-3ubuntu7.13_amd64.deb
      Size/MD5:  1689722 cdeaf5cd97840a91b346ff121e00e291
    http://security.ubuntu.com/ubuntu/pool/main/p/php4/php4-cgi_4.3.8-3ubuntu7.13_amd64.deb
      Size/MD5:  3198778 8cad2a9376b8483ab6873255274a258f
    http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-curl_4.3.8-3ubuntu7.13_amd64.deb
      Size/MD5:    17270 321f4676bd3c2bc286e1a726a93ab4c9
    http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-domxml_4.3.8-3ubuntu7.13_amd64.deb
      Size/MD5:    40434 e058a0198eafea4d8a322f84aa33bb6e
    http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-gd_4.3.8-3ubuntu7.13_amd64.deb
      Size/MD5:    33612 ad726de3dfdbcacdcde3d90cdf851770
    http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-ldap_4.3.8-3ubuntu7.13_amd64.deb
      Size/MD5:    21236 2f0ab9a2891bbaf322c67e88b65f4c7a
    http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-mcal_4.3.8-3ubuntu7.13_amd64.deb
      Size/MD5:    18406 f37ed15fb35f433726922d67d0463438
    http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-mhash_4.3.8-3ubuntu7.13_amd64.deb
      Size/MD5:     7992 8b013d8ee95fb7563aaef62e9c05251e
    http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-mysql_4.3.8-3ubuntu7.13_amd64.deb
      Size/MD5:    23108 7b3c7f8e89c97557498189719ef30ec0
    http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-odbc_4.3.8-3ubuntu7.13_amd64.deb
      Size/MD5:    28326 ad745d29d153db18995099efafdd3128
    http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-recode_4.3.8-3ubuntu7.13_amd64.deb
      Size/MD5:     7618 aa19f54e0d7294cbf5cb1f8f976963f0
    http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-snmp_4.3.8-3ubuntu7.13_amd64.deb
      Size/MD5:    12970 3e592760088678bb91e3767762bc43f5
    http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-sybase_4.3.8-3ubuntu7.13_amd64.deb
      Size/MD5:    21512 a3190823cdb28c7d27da7a5f1f260569
    http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-xslt_4.3.8-3ubuntu7.13_amd64.deb
      Size/MD5:    17252 219742cd538690f92d24a82c074fba28
    http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4_4.3.8-3ubuntu7.13_amd64.deb
      Size/MD5:  1705532 9f6543c2bad3f2a1eae0175ed4938c91

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/p/php4/libapache2-mod-php4_4.3.8-3ubuntu7.13_i386.deb
      Size/MD5:  1631536 b533fecf692aa471bbdc7c2125ed1e3f
    http://security.ubuntu.com/ubuntu/pool/main/p/php4/php4-cgi_4.3.8-3ubuntu7.13_i386.deb
      Size/MD5:  3044892 60f5e35863ed1210762dd10cc245a8ff
    http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-curl_4.3.8-3ubuntu7.13_i386.deb
      Size/MD5:    16852 fc06a8fc17ff7d820874ea9be1bcc93c
    http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-domxml_4.3.8-3ubuntu7.13_i386.deb
      Size/MD5:    35556 c3b525c920b3d45c332e4ae90e5ba3d3
    http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-gd_4.3.8-3ubuntu7.13_i386.deb
      Size/MD5:    31126 9ba80a8472ce5c95b88d57c3b4eb63e0
    http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-ldap_4.3.8-3ubuntu7.13_i386.deb
      Size/MD5:    19474 3e25addd0ab31fd0468b4b326ea26ae8
    http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-mcal_4.3.8-3ubuntu7.13_i386.deb
      Size/MD5:    17056 3da7c0f68d35f408d4ecf878f040f5c2
    http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-mhash_4.3.8-3ubuntu7.13_i386.deb
      Size/MD5:     7748 4e71789a2119e8e9ea864a24cc531711
    http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-mysql_4.3.8-3ubuntu7.13_i386.deb
      Size/MD5:    20902 5d372216eef9785ccc3c878f3ad2c97b
    http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-odbc_4.3.8-3ubuntu7.13_i386.deb
      Size/MD5:    26064 658f7dc2a8ebf05c5f5307b0812cc9cf
    http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-recode_4.3.8-3ubuntu7.13_i386.deb
      Size/MD5:     7376 45a0bf790afd367d67fea40986578ebe
    http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-snmp_4.3.8-3ubuntu7.13_i386.deb
      Size/MD5:    12320 cceb8ee2ccdc41c0df21fccc4905d9a2
    http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-sybase_4.3.8-3ubuntu7.13_i386.deb
      Size/MD5:    20006 3864268ac7b8848496b176ca56c74a07
    http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-xslt_4.3.8-3ubuntu7.13_i386.deb
      Size/MD5:    15884 efef631a55977bd55c5e45c5f7f506d8
    http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4_4.3.8-3ubuntu7.13_i386.deb
      Size/MD5:  1646064 b19e15dc6c218ccf405296847b5a55d7

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/p/php4/libapache2-mod-php4_4.3.8-3ubuntu7.13_powerpc.deb
      Size/MD5:  1691536 70778ffd723ad6ff582d87f7898e1eb7
    http://security.ubuntu.com/ubuntu/pool/main/p/php4/php4-cgi_4.3.8-3ubuntu7.13_powerpc.deb
      Size/MD5:  3204242 52868595cd84a2ba0dd24e606d9ac6b5
    http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-curl_4.3.8-3ubuntu7.13_powerpc.deb
      Size/MD5:    19086 c8baa069863f7bcb2822e8a4eee940de
    http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-domxml_4.3.8-3ubuntu7.13_powerpc.deb
      Size/MD5:    38286 498863f57732313da90005bf0d73cc26
    http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-gd_4.3.8-3ubuntu7.13_powerpc.deb
      Size/MD5:    34032 d59db46996c42229e153f353055aad77
    http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-ldap_4.3.8-3ubuntu7.13_powerpc.deb
      Size/MD5:    21476 098e95ee6fa23809838410343d32446f
    http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-mcal_4.3.8-3ubuntu7.13_powerpc.deb
      Size/MD5:    19308 05b0630ec625f0e3e03b167c7c9120f4
    http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-mhash_4.3.8-3ubuntu7.13_powerpc.deb
      Size/MD5:     9322 0cba72186c4b4bb853e24195708e86ae
    http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-mysql_4.3.8-3ubuntu7.13_powerpc.deb
      Size/MD5:    22684 cdd1d709a246849a4edbfe5a65766014
    http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-odbc_4.3.8-3ubuntu7.13_powerpc.deb
      Size/MD5:    28402 2d818861775cb92ffd2b797b5f929b31
    http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-recode_4.3.8-3ubuntu7.13_powerpc.deb
      Size/MD5:     9004 a55031db670a4feb528c3dad1abd5450
    http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-snmp_4.3.8-3ubuntu7.13_powerpc.deb
      Size/MD5:    14332 929b82ef9a9f41fa6c5bc56160ad4b9d
    http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-sybase_4.3.8-3ubuntu7.13_powerpc.deb
      Size/MD5:    22198 92b55065b69d9c33d30ce69154f0463b
    http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-xslt_4.3.8-3ubuntu7.13_powerpc.deb
      Size/MD5:    18056 088c80ab090cf668c7982004cfa27534
    http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4_4.3.8-3ubuntu7.13_powerpc.deb
      Size/MD5:  1709582 d5929c3e9931fdccfad312b0d65c434a

Updated packages for Ubuntu 5.04:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/universe/p/php4-universe/php4-universe_4.3.10-10ubuntu3.5.diff.gz
      Size/MD5:   274193 f1627be21816f55ba4406e1af3c296b0
    http://security.ubuntu.com/ubuntu/pool/universe/p/php4-universe/php4-universe_4.3.10-10ubuntu3.5.dsc
      Size/MD5:     1669 c7207124fea15c341f8f98225b190d59
    http://security.ubuntu.com/ubuntu/pool/universe/p/php4-universe/php4-universe_4.3.10.orig.tar.gz
      Size/MD5:  4892209 73f5d1f42e34efa534a09c6091b5a21e
    http://security.ubuntu.com/ubuntu/pool/main/p/php4/php4_4.3.10-10ubuntu4.2.diff.gz
      Size/MD5:   270783 295ff75dc9ac1acbf4b85cf84524e6cc
    http://security.ubuntu.com/ubuntu/pool/main/p/php4/php4_4.3.10-10ubuntu4.2.dsc
      Size/MD5:     1469 c1b661dbecb855710f1ea91736ec49de
    http://security.ubuntu.com/ubuntu/pool/main/p/php4/php4_4.3.10.orig.tar.gz
      Size/MD5:  4892209 73f5d1f42e34efa534a09c6091b5a21e

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/universe/p/php4-universe/php4-pear_4.3.10-10ubuntu3.5_all.deb
      Size/MD5:   250210 a97218861ec3392bcdf6139aa017df10
    http://security.ubuntu.com/ubuntu/pool/main/p/php4/php4_4.3.10-10ubuntu4.2_all.deb
      Size/MD5:     1126 e258bb3bb95f3af884c58f7a0ffb335a

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/universe/p/php4-universe/libapache-mod-php4_4.3.10-10ubuntu3.5_amd64.deb
      Size/MD5:  1659030 f073adaf641935ab2975f8b66bdb227d
    http://security.ubuntu.com/ubuntu/pool/main/p/php4/libapache2-mod-php4_4.3.10-10ubuntu4.2_amd64.deb
      Size/MD5:  1656722 d1be7ea12ca396eed9ab7e0223d89bc8
    http://security.ubuntu.com/ubuntu/pool/main/p/php4/php4-cgi_4.3.10-10ubuntu4.2_amd64.deb
      Size/MD5:  3271958 d1bcb856853ddf27d30bb07745b40a9b
    http://security.ubuntu.com/ubuntu/pool/main/p/php4/php4-cli_4.3.10-10ubuntu4.2_amd64.deb
      Size/MD5:  1647008 92426755fb5b1531bddf9227eeff83a5
    http://security.ubuntu.com/ubuntu/pool/main/p/php4/php4-common_4.3.10-10ubuntu4.2_amd64.deb
      Size/MD5:   166914 5e94d9cbc639c2cbf24027719c2bdd85
    http://security.ubuntu.com/ubuntu/pool/universe/p/php4-universe/php4-curl_4.3.10-10ubuntu3.5_amd64.deb
      Size/MD5:    17816 f39530d90974a8828c2b515184cce787
    http://security.ubuntu.com/ubuntu/pool/main/p/php4/php4-dev_4.3.10-10ubuntu4.2_amd64.deb
      Size/MD5:   348234 cec55ebf2abf50916549aa501e84c09a
    http://security.ubuntu.com/ubuntu/pool/universe/p/php4-universe/php4-domxml_4.3.10-10ubuntu3.5_amd64.deb
      Size/MD5:    40790 e108b9ed74734d2a44b08077c385adb6
    http://security.ubuntu.com/ubuntu/pool/universe/p/php4-universe/php4-gd_4.3.10-10ubuntu3.5_amd64.deb
      Size/MD5:    34450 bf0c232a0809ce7ca1a0544efd90ba2d
    http://security.ubuntu.com/ubuntu/pool/universe/p/php4-universe/php4-imap_4.3.10-10ubuntu3.5_amd64.deb
      Size/MD5:    37636 44eab7df7257899c1265e9af0b37e90a
    http://security.ubuntu.com/ubuntu/pool/universe/p/php4-universe/php4-ldap_4.3.10-10ubuntu3.5_amd64.deb
      Size/MD5:    21392 5bc3e6dd1665cdaa8a0020c6fb1ed64e
    http://security.ubuntu.com/ubuntu/pool/universe/p/php4-universe/php4-mcal_4.3.10-10ubuntu3.5_amd64.deb
      Size/MD5:    18868 93297e64f6600d0d459559087e44df77
    http://security.ubuntu.com/ubuntu/pool/universe/p/php4-universe/php4-mhash_4.3.10-10ubuntu3.5_amd64.deb
      Size/MD5:     8240 e264b34cde9d934fcc0661ea3d775c69
    http://security.ubuntu.com/ubuntu/pool/universe/p/php4-universe/php4-mysql_4.3.10-10ubuntu3.5_amd64.deb
      Size/MD5:    23528 d4c5a6126c77c39e5a7c043bb74eda66
    http://security.ubuntu.com/ubuntu/pool/universe/p/php4-universe/php4-odbc_4.3.10-10ubuntu3.5_amd64.deb
      Size/MD5:    28768 362e1937ecd3408ba0b9ea6d1c0f4ab4
    http://security.ubuntu.com/ubuntu/pool/universe/p/php4-universe/php4-recode_4.3.10-10ubuntu3.5_amd64.deb
      Size/MD5:     7896 dc4190e47b8784bc91402c8fe86be0e9
    http://security.ubuntu.com/ubuntu/pool/universe/p/php4-universe/php4-snmp_4.3.10-10ubuntu3.5_amd64.deb
      Size/MD5:    13662 234840294782e522ad55e3ce0bb955c6
    http://security.ubuntu.com/ubuntu/pool/universe/p/php4-universe/php4-sybase_4.3.10-10ubuntu3.5_amd64.deb
      Size/MD5:    22426 e9eb831d6648e9acaf6ffb20472ffc4e
    http://security.ubuntu.com/ubuntu/pool/universe/p/php4-universe/php4-universe-common_4.3.10-10ubuntu3.5_amd64.deb
      Size/MD5:   124806 11ae6c5d57ec5dc8792676709b206d49
    http://security.ubuntu.com/ubuntu/pool/universe/p/php4-universe/php4-xslt_4.3.10-10ubuntu3.5_amd64.deb
      Size/MD5:    17554 2eda807c25f3812bf5a693f9edcc9022

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/universe/p/php4-universe/libapache-mod-php4_4.3.10-10ubuntu3.5_i386.deb
      Size/MD5:  1592460 54f61ecc515087d4de870623348bf462
    http://security.ubuntu.com/ubuntu/pool/main/p/php4/libapache2-mod-php4_4.3.10-10ubuntu4.2_i386.deb
      Size/MD5:  1591222 55354398015c8894503878f224297789
    http://security.ubuntu.com/ubuntu/pool/main/p/php4/php4-cgi_4.3.10-10ubuntu4.2_i386.deb
      Size/MD5:  3166460 ddc2a2bd72e9533f4d937fde55cec25d
    http://security.ubuntu.com/ubuntu/pool/main/p/php4/php4-cli_4.3.10-10ubuntu4.2_i386.deb
      Size/MD5:  1591098 59f2928b73c46222db3d82b0949db492
    http://security.ubuntu.com/ubuntu/pool/main/p/php4/php4-common_4.3.10-10ubuntu4.2_i386.deb
      Size/MD5:   166912 9d7fb7d120584dafc546272aa64c0eb5
    http://security.ubuntu.com/ubuntu/pool/universe/p/php4-universe/php4-curl_4.3.10-10ubuntu3.5_i386.deb
      Size/MD5:    17378 16bcfb696ae906258038f48e6fffef34
    http://security.ubuntu.com/ubuntu/pool/main/p/php4/php4-dev_4.3.10-10ubuntu4.2_i386.deb
      Size/MD5:   348246 6a1237616083019f7b1ab65d5a06beee
    http://security.ubuntu.com/ubuntu/pool/universe/p/php4-universe/php4-domxml_4.3.10-10ubuntu3.5_i386.deb
      Size/MD5:    35936 19a398161efbc58416495945698f9d35
    http://security.ubuntu.com/ubuntu/pool/universe/p/php4-universe/php4-gd_4.3.10-10ubuntu3.5_i386.deb
      Size/MD5:    31724 2b13de032f6187988786fa12d9d0de71
    http://security.ubuntu.com/ubuntu/pool/universe/p/php4-universe/php4-imap_4.3.10-10ubuntu3.5_i386.deb
      Size/MD5:    36224 db4aca30773aa97b1259c5b7110b2fc8
    http://security.ubuntu.com/ubuntu/pool/universe/p/php4-universe/php4-ldap_4.3.10-10ubuntu3.5_i386.deb
      Size/MD5:    19626 8a988b3262a249819bd4295ae91621e6
    http://security.ubuntu.com/ubuntu/pool/universe/p/php4-universe/php4-mcal_4.3.10-10ubuntu3.5_i386.deb
      Size/MD5:    17416 bbbf34182bb73346a025b51dba0e0efe
    http://security.ubuntu.com/ubuntu/pool/universe/p/php4-universe/php4-mhash_4.3.10-10ubuntu3.5_i386.deb
      Size/MD5:     7996 6b56d74f1ab837ccd071fb5f85c8661b
    http://security.ubuntu.com/ubuntu/pool/universe/p/php4-universe/php4-mysql_4.3.10-10ubuntu3.5_i386.deb
      Size/MD5:    21262 6ca0a5c2724b9d5568deb56e514937e3
    http://security.ubuntu.com/ubuntu/pool/universe/p/php4-universe/php4-odbc_4.3.10-10ubuntu3.5_i386.deb
      Size/MD5:    26398 9e55c75abf06831003b3d610671869ed
    http://security.ubuntu.com/ubuntu/pool/universe/p/php4-universe/php4-recode_4.3.10-10ubuntu3.5_i386.deb
      Size/MD5:     7638 daeb070ed3d78537b153fd96dbfc9b20
    http://security.ubuntu.com/ubuntu/pool/universe/p/php4-universe/php4-snmp_4.3.10-10ubuntu3.5_i386.deb
      Size/MD5:    12964 f1d2574c0bd94612a414f63cdf2de3fe
    http://security.ubuntu.com/ubuntu/pool/universe/p/php4-universe/php4-sybase_4.3.10-10ubuntu3.5_i386.deb
      Size/MD5:    20832 f79a0073e4ccf69e849622bd0bd16e82
    http://security.ubuntu.com/ubuntu/pool/universe/p/php4-universe/php4-universe-common_4.3.10-10ubuntu3.5_i386.deb
      Size/MD5:   124812 587e248a217de1633d3c00fb0e79a1a8
    http://security.ubuntu.com/ubuntu/pool/universe/p/php4-universe/php4-xslt_4.3.10-10ubuntu3.5_i386.deb
      Size/MD5:    16136 47fd1198c990d4a610eeb2674feacae3

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/universe/p/php4-universe/libapache-mod-php4_4.3.10-10ubuntu3.5_powerpc.deb
      Size/MD5:  1659220 374755d6aa9e26ce64ecaaae7c52887e
    http://security.ubuntu.com/ubuntu/pool/main/p/php4/libapache2-mod-php4_4.3.10-10ubuntu4.2_powerpc.deb
      Size/MD5:  1657286 3bd3fee1ccd230dd41b4159790c2d247
    http://security.ubuntu.com/ubuntu/pool/main/p/php4/php4-cgi_4.3.10-10ubuntu4.2_powerpc.deb
      Size/MD5:  3276240 3c66c09b5492e66ba7833f998da16f1e
    http://security.ubuntu.com/ubuntu/pool/main/p/php4/php4-cli_4.3.10-10ubuntu4.2_powerpc.deb
      Size/MD5:  1645290 7a8485d0d95cac882b234710bbe90834
    http://security.ubuntu.com/ubuntu/pool/main/p/php4/php4-common_4.3.10-10ubuntu4.2_powerpc.deb
      Size/MD5:   166912 8a729ddff374156ebfd2353aa7a85410
    http://security.ubuntu.com/ubuntu/pool/universe/p/php4-universe/php4-curl_4.3.10-10ubuntu3.5_powerpc.deb
      Size/MD5:    19638 c6c35b96c130e9310174b01fc2a167f2
    http://security.ubuntu.com/ubuntu/pool/main/p/php4/php4-dev_4.3.10-10ubuntu4.2_powerpc.deb
      Size/MD5:   348256 a0c7e63312fe7c3e76c91f5b050a4b29
    http://security.ubuntu.com/ubuntu/pool/universe/p/php4-universe/php4-domxml_4.3.10-10ubuntu3.5_powerpc.deb
      Size/MD5:    38644 f7c048335df40ddcf88517867bf8fe34
    http://security.ubuntu.com/ubuntu/pool/universe/p/php4-universe/php4-gd_4.3.10-10ubuntu3.5_powerpc.deb
      Size/MD5:    34588 859318825f2e429e5a24a6706da53441
    http://security.ubuntu.com/ubuntu/pool/universe/p/php4-universe/php4-imap_4.3.10-10ubuntu3.5_powerpc.deb
      Size/MD5:    37696 b0f3ce7ef2a403ba1fdd31e6877fc19b
    http://security.ubuntu.com/ubuntu/pool/universe/p/php4-universe/php4-ldap_4.3.10-10ubuntu3.5_powerpc.deb
      Size/MD5:    21396 63684688915ccca424187f801891d5f7
    http://security.ubuntu.com/ubuntu/pool/universe/p/php4-universe/php4-mcal_4.3.10-10ubuntu3.5_powerpc.deb
      Size/MD5:    19724 dc212dfb1d64326eec2fca91dbd379bd
    http://security.ubuntu.com/ubuntu/pool/universe/p/php4-universe/php4-mhash_4.3.10-10ubuntu3.5_powerpc.deb
      Size/MD5:     9570 257637677d907bbb434b60d17c3866e1
    http://security.ubuntu.com/ubuntu/pool/universe/p/php4-universe/php4-mysql_4.3.10-10ubuntu3.5_powerpc.deb
      Size/MD5:    23026 87d64def1623910baa40aeef9073aa32
    http://security.ubuntu.com/ubuntu/pool/universe/p/php4-universe/php4-odbc_4.3.10-10ubuntu3.5_powerpc.deb
      Size/MD5:    28670 b4c97c08b44310dddf3ac32e7ab29d3c
    http://security.ubuntu.com/ubuntu/pool/universe/p/php4-universe/php4-recode_4.3.10-10ubuntu3.5_powerpc.deb
      Size/MD5:     9276 a3a4bc601611865f7037c75f95ea0716
    http://security.ubuntu.com/ubuntu/pool/universe/p/php4-universe/php4-snmp_4.3.10-10ubuntu3.5_powerpc.deb
      Size/MD5:    14956 4bf9f5007549e0614e19727c8173a17c
    http://security.ubuntu.com/ubuntu/pool/universe/p/php4-universe/php4-sybase_4.3.10-10ubuntu3.5_powerpc.deb
      Size/MD5:    23052 7d93d6dd9523e68075cf09d18eea155a
    http://security.ubuntu.com/ubuntu/pool/universe/p/php4-universe/php4-universe-common_4.3.10-10ubuntu3.5_powerpc.deb
      Size/MD5:   124824 e5729368a5ac3df9fb034e8862df4d6f
    http://security.ubuntu.com/ubuntu/pool/universe/p/php4-universe/php4-xslt_4.3.10-10ubuntu3.5_powerpc.deb
      Size/MD5:    18266 f10c5726f607c50f646abbe1a11e44c8

- Vulnerability information

19712
PHP Trailing Slash open_basedir Arbitrary Directory Access
Vendor Verified

- Vulnerability description

Unknown or Incomplete

- Timeline

2005-08-17 Unknown

- Solution

Unknown or Incomplete

- References

- Discoverer

Unknown or Incomplete

- Vulnerability information

PHP Open_BaseDir Security Restriction Bypass Vulnerability
Class: Design Error   BID: 14957
Remote: Yes   Local: No
Published: 2005-09-27 12:00:00   Updated: 2009-07-12 05:06:00
thorben <thorben@gawab.com> is credited with the discovery of this vulnerability.

- Affected versions

(Lines prefixed with "+" are distributions shipping the PHP version listed above them. The source record also listed Todd Miller Sudo 1.6.8p2 under Trustix Secure Linux 2.2; sudo has no open_basedir directive and is not affected by this PHP issue, so that entry is omitted. PHP 4.4.1 and 5.1, which the same record lists as not affected, are given below rather than here.)

Ubuntu Linux 5.04 powerpc
Ubuntu Linux 5.04 i386
Ubuntu Linux 5.04 amd64
Ubuntu Linux 4.10 ppc
Ubuntu Linux 4.10 ia64
Ubuntu Linux 4.10 ia32
Trustix Secure Linux 3.0
Trustix Secure Linux 2.2
Trustix Secure Enterprise Linux 2.0
PHP 5.0.5
PHP 5.0.0
PHP 4.4.0
PHP 4.3.10
+ Gentoo Linux
+ Red Hat Fedora Core 3
+ Trustix Secure Enterprise Linux 2.0
+ Trustix Secure Linux 2.2
+ Trustix Secure Linux 2.1
+ Trustix Secure Linux 2.0
+ Trustix Secure Linux 1.5
PHP 4.3.8
+ Mandriva Linux Mandrake 10.1 x86_64
+ Mandriva Linux Mandrake 10.1
+ S.u.S.E. Linux Personal 9.2
+ Turbolinux Turbolinux Server 10.0
+ Ubuntu Linux 4.10 ppc
+ Ubuntu Linux 4.10 ia64
+ Ubuntu Linux 4.10 ia32
Mandriva Linux Mandrake 2006.0 x86_64
Mandriva Linux Mandrake 2006.0
Mandriva Linux Mandrake 10.2 x86_64
Mandriva Linux Mandrake 10.2
Mandriva Linux Mandrake 10.1 x86_64
Mandriva Linux Mandrake 10.1
MandrakeSoft Multi Network Firewall 2.0
MandrakeSoft Corporate Server 3.0 x86_64
MandrakeSoft Corporate Server 3.0
MandrakeSoft Corporate Server 2.1 x86_64
MandrakeSoft Corporate Server 2.1
Gentoo Linux

- Not affected versions

PHP 5.1
PHP 4.4.1

- Discussion

PHP is prone to a vulnerability regarding the unauthorized access to directories outside the base directory.

The problem presents itself in the way PHP handles the 'open_basedir' directive.

Successful exploitation will grant an attacker access to directories outside the designated base directory. As a result, the attacker may access possibly privileged information.

This issue is reported to affect PHP versions 4.4.0 and 5.0.5; other versions may also be vulnerable.

- Exploit

No exploit is required.

- Solution

Please see the referenced advisories for details on obtaining and applying the appropriate updates.

Vendor updates are listed for the following affected releases:

PHP 4.3.10
PHP 4.3.8
PHP 4.4.0
PHP 5.0.0
PHP 5.0.5

- References

About the SCAP Chinese Community

The SCAP Chinese Community is the first open Chinese-language community devoted to SCAP. For more information see [About this site].

Copyright notice

CVE, CWE and OVAL are registered trademarks of the MITRE Corporation; their official data sources are hosted on MITRE's own websites.