CVE-2010-1130

Priority
Low
Description
session.c in the session extension in PHP before 5.2.13, and 5.3.1, does
not properly interpret ; (semicolon) characters in the argument to the
session_save_path function, which allows context-dependent attackers to
bypass open_basedir and safe_mode restrictions via an argument that
contains multiple ; characters in conjunction with a .. (dot dot).
Notes
mdeslaur> actually fixed in 5.3.2
mdeslaur> open_basedir and safe_mode issue
mdeslaur> dapper doesn't try and strip ; chars, so not vulnerable
Package
Source: php5 (LP Ubuntu Debian)
Upstream: released (5.2.13, 5.3.2)
Ubuntu 8.04 LTS (Hardy Heron): released (5.2.4-2ubuntu5.12)
Ubuntu 10.04 LTS (Lucid Lynx): not-affected (5.3.2-1ubuntu3)
Patches:
Upstream: http://svn.php.net/viewvc?view=revision&revision=294272

Updated: 2012-06-01 15:20:48 UTC (commit 5347)