PublicDateAtUSN: 2010-03-26
Candidate: CVE-2010-1130
PublicDate: 2010-03-26 20:30:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1130
 https://ubuntu.com/security/notices/USN-989-1
Description:
 session.c in the session extension in PHP before 5.2.13, and 5.3.1, does not properly interpret ; (semicolon) characters in the argument to the session_save_path function, which allows context-dependent attackers to bypass open_basedir and safe_mode restrictions via an argument that contains multiple ; characters in conjunction with a .. (dot dot).
Ubuntu-Description:
Notes:
 mdeslaur> actually fixed in 5.3.2
 mdeslaur> open_basedir and safe_mode issue
 mdeslaur> dapper doesn't try and strip ; chars, so not vulnerable
Bugs:
Priority: low
Discovered-by:
Assigned-to:
CVSS:

Patches_php5:
 upstream: http://svn.php.net/viewvc?view=revision&revision=294272
upstream_php5: released (5.2.13, 5.3.2)
dapper_php5: not-affected (5.1.2-1ubuntu3.18)
hardy_php5: released (5.2.4-2ubuntu5.12)
intrepid_php5: needed (reached end-of-life)
jaunty_php5: released (5.2.6.dfsg.1-3ubuntu4.6)
karmic_php5: released (5.2.10.dfsg.1-2ubuntu6.5)
lucid_php5: not-affected (5.3.2-1ubuntu3)
devel_php5: not-affected (5.3.2-1ubuntu3)