CVE-2010-1130

Priority
Low
Description
session.c in the session extension in PHP before 5.2.13, and 5.3.1, does
not properly interpret ; (semicolon) characters in the argument to the
session_save_path function, which allows context-dependent attackers to
bypass open_basedir and safe_mode restrictions via an argument that
contains multiple ; characters in conjunction with a .. (dot dot).
References
Notes
 mdeslaur> actually fixed in 5.3.2
 mdeslaur> open_basedir and safe_mode issue
 mdeslaur> dapper doesn't try and strip ; chars, so not vulnerable
Package
Source: php5 (LP Ubuntu Debian)
Upstream: released (5.2.13, 5.3.2)
Patches:
Upstream: http://svn.php.net/viewvc?view=revision&revision=294272
More Information


Updated: 2015-07-29 20:38:07 UTC (commit 9756)