Vulnerability identifier: #VU110465
Vulnerability risk: Low
CVSSv4.0: 1.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/U:Clear]
CVE-ID:
CWE-ID: CWE-20
Exploitation vector: Local
Exploit availability: Yes
Vulnerable software: PHP
Universal components / Libraries / Scripting languages
Vendor: PHP Group
Description
The vulnerability allows a local user to read and manipulate data.
PHP 5.2.0 and 4.4 allow local users to bypass safe_mode and open_basedir restrictions via a malicious path and a null byte before a ";" in a session_save_path argument, followed by an allowed path. This causes a parsing inconsistency in which PHP validates the allowed path but sets session.save_path to the malicious path.
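The parsing inconsistency described above, as an added example in C: a simplified model written for this page, not PHP's source code. The function names, the prefix-match allow-list and the sample paths are hypothetical and constructed; the weak check validates a length-aware view of the value while the consumer uses the C-string view, and the hardened check rejects embedded NUL bytes and validates the path that is actually used.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical allow-list check standing in for open_basedir: prefix match. */
static int is_allowed(const char *path, const char *basedir) {
    return strncmp(path, basedir, strlen(basedir)) == 0;
}

/* Length-aware view: the text after the last ';' in all len bytes. */
static const char *validated_part(const char *val, size_t len) {
    for (size_t i = len; i > 0; i--)
        if (val[i - 1] == ';')
            return val + i;
    return val;
}

/* C-string view: what a consumer that stops at the first NUL will use. */
static const char *effective_path(const char *val) {
    const char *p = strchr(val, ';');
    return p ? p + 1 : val;
}

/* Weak form: validates one view of the bytes while the consumer uses another. */
int check_weak(const char *val, size_t len, const char *basedir) {
    return is_allowed(validated_part(val, len), basedir);
}

/* Hardened form: reject embedded NULs, then validate the path the consumer uses. */
int check_hardened(const char *val, size_t len, const char *basedir) {
    if (memchr(val, '\0', len) != NULL)
        return 0;
    return is_allowed(effective_path(val), basedir);
}

int main(void) {
    /* Constructed sample values, shaped as the description states. */
    static const char crafted[] = "/restricted/dir\0;/allowed/sessions";
    static const char benign[] = "/allowed/sessions";
    const char *base = "/allowed/";

    printf("crafted: weak=%d hardened=%d effective=%s\n",
           check_weak(crafted, sizeof crafted - 1, base),
           check_hardened(crafted, sizeof crafted - 1, base),
           effective_path(crafted));
    printf("benign:  weak=%d hardened=%d\n",
           check_weak(benign, sizeof benign - 1, base),
           check_hardened(benign, sizeof benign - 1, base));
    return 0;
}
```

The weak check accepts the crafted value because it only inspects the text after the last ";", while the path that takes effect is the one before the NUL byte.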
Mitigation
Install the update from the vendor's website.
Vulnerable software versions
PHP: 4.4, 5.2
External links
https://cvs.php.net/viewcvs.cgi/php-src/ext/session/session.c?r1=1.336.2.53.2.7&r2=1.336.2.53.2.8
https://lists.suse.com/archive/suse-security-announce/2007-Mar/0003.html
https://secunia.com/advisories/24022
https://secunia.com/advisories/24514
https://securityreason.com/achievement_securityalert/43
https://securityreason.com/securityalert/2000
https://www.mandriva.com/security/advisories?name=MDKSA-2007:038
https://www.openpkg.com/security/advisories/OpenPKG-SA-2007.010.html
https://www.securityfocus.com/archive/1/453938/30/9270/threaded
https://www.securityfocus.com/bid/21508
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, a proof of concept for this vulnerability is available.