#VU110487 Path traversal in PHP - CVE-2006-1494

Description

The vulnerability allows a remote attacker to perform directory traversal attacks.

The vulnerability exists due to input validation error when processing directory traversal sequences in file.c in PHP 4.4.2 and 5.1.2 allows local users to bypass open_basedir restrictions. A remote authenticated attacker can send a specially crafted HTTP request and remote attackers to create files in arbitrary directories via the tempnam function.

Remediation

External links

• ftp://patches.sgi.com/support/free/security/advisories/20060701-01-U
• http://rhn.redhat.com/errata/RHSA-2006-0549.html
• http://secunia.com/advisories/19599
• http://secunia.com/advisories/19775
• http://secunia.com/advisories/19979
• http://secunia.com/advisories/21031
• http://secunia.com/advisories/21125
• http://secunia.com/advisories/21135
• http://secunia.com/advisories/21202
• http://secunia.com/advisories/21252
• http://secunia.com/advisories/21723
• http://secunia.com/advisories/22225
• http://securityreason.com/achievement_securityalert/36
• http://securityreason.com/securityalert/677
• http://securitytracker.com/id?1015881
• http://support.avaya.com/elmodocs2/security/ASA-2006-175.htm
• http://www.mandriva.com/security/advisories?name=MDKSA-2006:074
• http://www.novell.com/linux/security/advisories/05-05-2006.html
• http://www.redhat.com/support/errata/RHSA-2006-0567.html
• http://www.redhat.com/support/errata/RHSA-2006-0568.html
• http://www.securityfocus.com/archive/1/447866/100/0/threaded
• http://www.securityfocus.com/bid/17439
• http://www.ubuntu.com/usn/usn-320-1
• http://www.vupen.com/english/advisories/2006/1290
• https://exchange.xforce.ibmcloud.com/vulnerabilities/25705
• https://issues.rpath.com/browse/RPL-683
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10196