Path traversal in PHP - CVE-2006-1494

Detailed vulnerability description

The vulnerability allows a remote attacker to perform directory traversal attacks.

The vulnerability exists due to input validation error when processing directory traversal sequences in file.c in PHP 4.4.2 and 5.1.2 allows local users to bypass open_basedir restrictions. A remote authenticated attacker can send a specially crafted HTTP request and remote attackers to create files in arbitrary directories via the tempnam function.

How to mitigate CVE-2006-1494

Sources

• ftp://patches.sgi.com/support/free/security/advisories/20060701-01-U
• http://rhn.redhat.com/errata/RHSA-2006-0549.html
• http://secunia.com/advisories/19599
• http://secunia.com/advisories/19775
• http://secunia.com/advisories/19979
• http://secunia.com/advisories/21031
• http://secunia.com/advisories/21125
• http://secunia.com/advisories/21135
• http://secunia.com/advisories/21202
• http://secunia.com/advisories/21252
• http://secunia.com/advisories/21723
• http://secunia.com/advisories/22225
• http://securityreason.com/achievement_securityalert/36
• http://securityreason.com/securityalert/677
• http://securitytracker.com/id?1015881
• http://support.avaya.com/elmodocs2/security/ASA-2006-175.htm
• http://www.mandriva.com/security/advisories?name=MDKSA-2006:074
• http://www.novell.com/linux/security/advisories/05-05-2006.html
• http://www.redhat.com/support/errata/RHSA-2006-0567.html
• http://www.redhat.com/support/errata/RHSA-2006-0568.html
• http://www.securityfocus.com/archive/1/447866/100/0/threaded
• http://www.securityfocus.com/bid/17439
• http://www.ubuntu.com/usn/usn-320-1
• http://www.vupen.com/english/advisories/2006/1290
• https://exchange.xforce.ibmcloud.com/vulnerabilities/25705
• https://issues.rpath.com/browse/RPL-683
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10196