CVE-2010-1129

Published: 26 March 2010

The safe_mode implementation in PHP before 5.2.13 does not properly handle directory pathnames that lack a trailing / (slash) character, which allows context-dependent attackers to bypass intended access restrictions via vectors related to use of the tempnam function.

Notes

Author	Note
mdeslaur	also fixed in 5.3.2 safe_mode issue

Priority

Status

Package	Release	Status
php5 Launchpad, Ubuntu, Debian	dapper	Released (5.1.2-1ubuntu3.19)
	hardy	Released (5.2.4-2ubuntu5.12)
	intrepid	Ignored (end of life, was needed)
	jaunty	Released (5.2.6.dfsg.1-3ubuntu4.6)
	karmic	Released (5.2.10.dfsg.1-2ubuntu6.5)
	lucid	Not vulnerable (5.3.2-1ubuntu3)
	upstream	Released (5.2.13, 5.3.2)
	Patches: upstream: http://svn.php.net/viewvc?view=revision&revision=294882

References

http://www.php.net/ChangeLog-5.php
http://www.php.net/releases/5_2_13.php
https://ubuntu.com/security/notices/USN-989-1
https://www.cve.org/CVERecord?id=CVE-2010-1129
NVD
Launchpad
Debian

Join the discussion

Ubuntu security updates mailing list
Security announcements mailing list

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›