PHP Win32Service Extension Safe_Mode Restriction Bypass Vulnerability
BID:25106
Info
| Bugtraq ID: | 25106 |
| Class: | Design Error |
| CVE: | |
| Remote: | No |
| Local: | Yes |
| Published: | Jul 28 2007 12:00AM |
| Updated: | Jul 30 2007 08:55PM |
| Credit: | NetJackal is credited with discovering this issue. |
| Vulnerable: | PHP PHP 5.2.1 |
| Not Vulnerable: | |
Discussion
PHP is prone to a 'safe_mode' restriction-bypass vulnerability. Successful exploits could allow an attacker to bypass the restrictions imposed by the 'safe_mode' directive and execute restricted PHP and script code.
This vulnerability would be an issue in shared-hosting configurations where multiple users can create and execute arbitrary PHP script code; in such cases, the 'safe_mode' restrictions are expected to isolate users from each other.
PHP 5.2.1 is reported vulnerable; other versions may also be affected.
Exploit / POC
Attackers may exploit this issue by crafting and executing a malicious PHP script.
The following proof of concept is available:
Solution / Fix
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].