Upstream information
Description
PHP 5.2.0 and 4.4 allows local users to bypass safe_mode and open_basedir restrictions via a malicious path and a null byte before a ";" in a session_save_path argument, followed by an allowed path, which causes a parsing inconsistency in which PHP validates the allowed path but sets session.save_path to the malicious path.SUSE information
Overall state of this security issue: Resolved
This issue is currently rated as having moderate severity.
NVD | |
---|---|
Base Score | 4.6 |
Vector | AV:L/AC:L/Au:N/C:P/I:P/A:P |
Access Vector | Local |
Access Complexity | Low |
Authentication | None |
Confidentiality Impact | Partial |
Integrity Impact | Partial |
Availability Impact | Partial |
SUSE Security Advisories:
- SUSE-SA:2007:020, published Thu, 15 Mar 2007 12:00:00 +0000
SUSE Timeline for this CVE
CVE page created: Fri Jun 28 05:19:20 2013CVE page last modified: Mon Sep 9 16:39:05 2024