CVE-2009-4018

Priority
Description
The proc_open function in ext/standard/proc_open.c in PHP before 5.2.11 and
5.3.x before 5.3.1 does not enforce the (1) safe_mode_allowed_env_vars and
(2) safe_mode_protected_env_vars directives, which allows context-dependent
attackers to execute programs with an arbitrary environment via the env
parameter, as demonstrated by a crafted value of the LD_LIBRARY_PATH
environment variable.
Notes
 mdeslaur> PoC in php bug report
 mdeslaur> safe_mode bug
Package
Source: php5 (LP Ubuntu Debian)
Upstream:released (5.3.1)
Patches:
Upstream:http://svn.php.net/viewvc/?view=revision&revision=286360
More Information

Updated: 2019-03-19 11:51:24 UTC (commit 15472795df7e9de45b82f2d36b8b419b939f97b2)