• info
• discussion
• exploit
• solution
• references

PHP BZip2/Zip Wrappers Multiple Safe_Mode and Open_Basedir Restriction Bypass Vulnerabilities

Solution:
The vendor released an update to address this issue. Please see the references for more information.


Apple Mac OS X Server 10.3.9

• Apple SecUpdSrvr2007-007Pan.dmg For Mac OS X Server v10.3.9
  http://www.apple.com/support/downloads/

Apple Mac OS X 10.4.10

• Apple SecUpd2007-007Ti.dmg For Mac OS X v10.4.10 (PowerPC)
  http://www.apple.com/support/downloads/


• Apple SecUpd2007-007Univ.dmg For Mac OS X v10.4.10 (Universal)
  http://www.apple.com/support/downloads/

Apple Mac OS X Server 10.4.10

• Apple SecUpdSrvr2007-007Ti.dmg For Mac OS X Server v10.4.10 (PowerPC)
  http://www.apple.com/support/downloads/


• Apple SecUpdSrvr2007-007Universal.dmg For Mac OS X Server v10.4.10 (Universal)
  http://www.apple.com/support/downloads/

PHP PHP 4.0 0

• PHP php-4.4.7-Win32.zip
  http://www.php.net/get/php-4.4.7-Win32.zip/from/a/mirror


• PHP php-4.4.7.tar.bz2
  http://www.php.net/get/php-4.4.7.tar.bz2/from/a/mirror


• PHP php-5.2.2.tar.gz
  http://www.php.net/get/php-5.2.2.tar.gz/from/a/mirror

PHP PHP 4.0.1

• PHP php-4.4.7-Win32.zip
  http://www.php.net/get/php-4.4.7-Win32.zip/from/a/mirror


• PHP php-4.4.7.tar.bz2
  http://www.php.net/get/php-4.4.7.tar.bz2/from/a/mirror


• PHP php-5.2.2.tar.gz
  http://www.php.net/get/php-5.2.2.tar.gz/from/a/mirror

PHP PHP 4.0.1 pl1

• PHP php-4.4.7-Win32.zip
  http://www.php.net/get/php-4.4.7-Win32.zip/from/a/mirror


• PHP php-4.4.7.tar.bz2
  http://www.php.net/get/php-4.4.7.tar.bz2/from/a/mirror


• PHP php-5.2.2.tar.gz
  http://www.php.net/get/php-5.2.2.tar.gz/from/a/mirror

PHP PHP 4.0.1 pl2

• PHP php-4.4.7-Win32.zip
  http://www.php.net/get/php-4.4.7-Win32.zip/from/a/mirror


• PHP php-4.4.7.tar.bz2
  http://www.php.net/get/php-4.4.7.tar.bz2/from/a/mirror


• PHP php-5.2.2.tar.gz
  http://www.php.net/get/php-5.2.2.tar.gz/from/a/mirror

PHP PHP 4.0.2

• PHP php-4.4.7-Win32.zip
  http://www.php.net/get/php-4.4.7-Win32.zip/from/a/mirror


• PHP php-4.4.7.tar.bz2
  http://www.php.net/get/php-4.4.7.tar.bz2/from/a/mirror


• PHP php-5.2.2.tar.gz
  http://www.php.net/get/php-5.2.2.tar.gz/from/a/mirror

PHP PHP 4.0.3 pl1

• PHP php-4.4.7-Win32.zip
  http://www.php.net/get/php-4.4.7-Win32.zip/from/a/mirror


• PHP php-4.4.7.tar.bz2
  http://www.php.net/get/php-4.4.7.tar.bz2/from/a/mirror


• PHP php-5.2.2.tar.gz
  http://www.php.net/get/php-5.2.2.tar.gz/from/a/mirror

PHP PHP 4.0.4

• PHP php-4.4.7-Win32.zip
  http://www.php.net/get/php-4.4.7-Win32.zip/from/a/mirror


• PHP php-4.4.7.tar.bz2
  http://www.php.net/get/php-4.4.7.tar.bz2/from/a/mirror


• PHP php-5.2.2.tar.gz
  http://www.php.net/get/php-5.2.2.tar.gz/from/a/mirror

PHP PHP 4.0.6

• PHP php-4.4.7-Win32.zip
  http://www.php.net/get/php-4.4.7-Win32.zip/from/a/mirror


• PHP php-4.4.7.tar.bz2
  http://www.php.net/get/php-4.4.7.tar.bz2/from/a/mirror


• PHP php-5.2.2.tar.gz
  http://www.php.net/get/php-5.2.2.tar.gz/from/a/mirror

PHP PHP 4.0.7

• PHP php-4.4.7-Win32.zip
  http://www.php.net/get/php-4.4.7-Win32.zip/from/a/mirror


• PHP php-4.4.7.tar.bz2
  http://www.php.net/get/php-4.4.7.tar.bz2/from/a/mirror


• PHP php-5.2.2.tar.gz
  http://www.php.net/get/php-5.2.2.tar.gz/from/a/mirror

PHP PHP 4.0.7 RC1

• PHP php-4.4.7-Win32.zip
  http://www.php.net/get/php-4.4.7-Win32.zip/from/a/mirror


• PHP php-4.4.7.tar.bz2
  http://www.php.net/get/php-4.4.7.tar.bz2/from/a/mirror


• PHP php-5.2.2.tar.gz
  http://www.php.net/get/php-5.2.2.tar.gz/from/a/mirror

PHP PHP 4.0.7 RC3

• PHP php-4.4.7-Win32.zip
  http://www.php.net/get/php-4.4.7-Win32.zip/from/a/mirror


• PHP php-4.4.7.tar.bz2
  http://www.php.net/get/php-4.4.7.tar.bz2/from/a/mirror


• PHP php-5.2.2.tar.gz
  http://www.php.net/get/php-5.2.2.tar.gz/from/a/mirror

PHP PHP 4.1 .0

• PHP php-4.4.7-Win32.zip
  http://www.php.net/get/php-4.4.7-Win32.zip/from/a/mirror


• PHP php-4.4.7.tar.bz2
  http://www.php.net/get/php-4.4.7.tar.bz2/from/a/mirror


• PHP php-5.2.2.tar.gz
  http://www.php.net/get/php-5.2.2.tar.gz/from/a/mirror

PHP PHP 4.1.1

• PHP php-4.4.7-Win32.zip
  http://www.php.net/get/php-4.4.7-Win32.zip/from/a/mirror


• PHP php-4.4.7.tar.bz2
  http://www.php.net/get/php-4.4.7.tar.bz2/from/a/mirror


• PHP php-5.2.2.tar.gz
  http://www.php.net/get/php-5.2.2.tar.gz/from/a/mirror

PHP PHP 4.1.2

• PHP php-4.4.7-Win32.zip
  http://www.php.net/get/php-4.4.7-Win32.zip/from/a/mirror


• PHP php-4.4.7.tar.bz2
  http://www.php.net/get/php-4.4.7.tar.bz2/from/a/mirror


• PHP php-5.2.2.tar.gz
  http://www.php.net/get/php-5.2.2.tar.gz/from/a/mirror

PHP PHP 4.2 -dev

• PHP php-4.4.7-Win32.zip
  http://www.php.net/get/php-4.4.7-Win32.zip/from/a/mirror


• PHP php-4.4.7.tar.bz2
  http://www.php.net/get/php-4.4.7.tar.bz2/from/a/mirror


• PHP php-5.2.2.tar.gz
  http://www.php.net/get/php-5.2.2.tar.gz/from/a/mirror

PHP PHP 4.2.1

• PHP php-4.4.7-Win32.zip
  http://www.php.net/get/php-4.4.7-Win32.zip/from/a/mirror


• PHP php-4.4.7.tar.bz2
  http://www.php.net/get/php-4.4.7.tar.bz2/from/a/mirror


• PHP php-5.2.2.tar.gz
  http://www.php.net/get/php-5.2.2.tar.gz/from/a/mirror

PHP PHP 4.2.2

• PHP php-4.4.7-Win32.zip
  http://www.php.net/get/php-4.4.7-Win32.zip/from/a/mirror


• PHP php-4.4.7.tar.bz2
  http://www.php.net/get/php-4.4.7.tar.bz2/from/a/mirror


• PHP php-5.2.2.tar.gz
  http://www.php.net/get/php-5.2.2.tar.gz/from/a/mirror

PHP PHP 4.2.3

• PHP php-4.4.7-Win32.zip
  http://www.php.net/get/php-4.4.7-Win32.zip/from/a/mirror


• PHP php-4.4.7.tar.bz2
  http://www.php.net/get/php-4.4.7.tar.bz2/from/a/mirror


• PHP php-5.2.2.tar.gz
  http://www.php.net/get/php-5.2.2.tar.gz/from/a/mirror

PHP PHP 4.3

• PHP php-4.4.7-Win32.zip
  http://www.php.net/get/php-4.4.7-Win32.zip/from/a/mirror


• PHP php-4.4.7.tar.bz2
  http://www.php.net/get/php-4.4.7.tar.bz2/from/a/mirror


• PHP php-5.2.2.tar.gz
  http://www.php.net/get/php-5.2.2.tar.gz/from/a/mirror

PHP PHP 4.3.1

• PHP php-4.4.7-Win32.zip
  http://www.php.net/get/php-4.4.7-Win32.zip/from/a/mirror


• PHP php-4.4.7.tar.bz2
  http://www.php.net/get/php-4.4.7.tar.bz2/from/a/mirror


• PHP php-5.2.2.tar.gz
  http://www.php.net/get/php-5.2.2.tar.gz/from/a/mirror

PHP PHP 4.3.10

• PHP php-4.4.7-Win32.zip
  http://www.php.net/get/php-4.4.7-Win32.zip/from/a/mirror


• PHP php-4.4.7.tar.bz2
  http://www.php.net/get/php-4.4.7.tar.bz2/from/a/mirror


• PHP php-5.2.2.tar.gz
  http://www.php.net/get/php-5.2.2.tar.gz/from/a/mirror

PHP PHP 4.3.11

• PHP php-4.4.7-Win32.zip
  http://www.php.net/get/php-4.4.7-Win32.zip/from/a/mirror


• PHP php-4.4.7.tar.bz2
  http://www.php.net/get/php-4.4.7.tar.bz2/from/a/mirror


• PHP php-5.2.2.tar.gz
  http://www.php.net/get/php-5.2.2.tar.gz/from/a/mirror

PHP PHP 4.3.2

• PHP php-4.4.7-Win32.zip
  http://www.php.net/get/php-4.4.7-Win32.zip/from/a/mirror


• PHP php-4.4.7.tar.bz2
  http://www.php.net/get/php-4.4.7.tar.bz2/from/a/mirror


• PHP php-5.2.2.tar.gz
  http://www.php.net/get/php-5.2.2.tar.gz/from/a/mirror

PHP PHP 4.3.3

• PHP php-4.4.7-Win32.zip
  http://www.php.net/get/php-4.4.7-Win32.zip/from/a/mirror


• PHP php-4.4.7.tar.bz2
  http://www.php.net/get/php-4.4.7.tar.bz2/from/a/mirror


• PHP php-5.2.2.tar.gz
  http://www.php.net/get/php-5.2.2.tar.gz/from/a/mirror

PHP PHP 4.3.4

• PHP php-4.4.7-Win32.zip
  http://www.php.net/get/php-4.4.7-Win32.zip/from/a/mirror


• PHP php-4.4.7.tar.bz2
  http://www.php.net/get/php-4.4.7.tar.bz2/from/a/mirror


• PHP php-5.2.2.tar.gz
  http://www.php.net/get/php-5.2.2.tar.gz/from/a/mirror

PHP PHP 4.3.6

• PHP php-4.4.7-Win32.zip
  http://www.php.net/get/php-4.4.7-Win32.zip/from/a/mirror


• PHP php-4.4.7.tar.bz2
  http://www.php.net/get/php-4.4.7.tar.bz2/from/a/mirror


• PHP php-5.2.2.tar.gz
  http://www.php.net/get/php-5.2.2.tar.gz/from/a/mirror

PHP PHP 4.3.9

• PHP php-4.4.7-Win32.zip
  http://www.php.net/get/php-4.4.7-Win32.zip/from/a/mirror


• PHP php-4.4.7.tar.bz2
  http://www.php.net/get/php-4.4.7.tar.bz2/from/a/mirror


• PHP php-5.2.2.tar.gz
  http://www.php.net/get/php-5.2.2.tar.gz/from/a/mirror

PHP PHP 4.4 .0

• PHP php-4.4.7-Win32.zip
  http://www.php.net/get/php-4.4.7-Win32.zip/from/a/mirror


• PHP php-4.4.7.tar.bz2
  http://www.php.net/get/php-4.4.7.tar.bz2/from/a/mirror


• PHP php-5.2.2.tar.gz
  http://www.php.net/get/php-5.2.2.tar.gz/from/a/mirror

PHP PHP 4.4.1

• PHP php-4.4.7-Win32.zip
  http://www.php.net/get/php-4.4.7-Win32.zip/from/a/mirror


• PHP php-4.4.7.tar.bz2
  http://www.php.net/get/php-4.4.7.tar.bz2/from/a/mirror


• PHP php-5.2.2.tar.gz
  http://www.php.net/get/php-5.2.2.tar.gz/from/a/mirror

PHP PHP 4.4.2

• PHP php-4.4.7-Win32.zip
  http://www.php.net/get/php-4.4.7-Win32.zip/from/a/mirror


• PHP php-4.4.7.tar.bz2
  http://www.php.net/get/php-4.4.7.tar.bz2/from/a/mirror


• PHP php-5.2.2.tar.gz
  http://www.php.net/get/php-5.2.2.tar.gz/from/a/mirror

PHP PHP 4.4.6

• PHP php-4.4.7-Win32.zip
  http://www.php.net/get/php-4.4.7-Win32.zip/from/a/mirror


• PHP php-4.4.7.tar.bz2
  http://www.php.net/get/php-4.4.7.tar.bz2/from/a/mirror


• PHP php-5.2.2.tar.gz
  http://www.php.net/get/php-5.2.2.tar.gz/from/a/mirror

PHP PHP 5.0 .0

• PHP php-5.2.2-win32-installer.msi
  http://www.php.net/get/php-5.2.2-win32-installer.msi/from/a/mirror


• PHP php-5.2.2.tar.gz
  http://www.php.net/get/php-5.2.2.tar.gz/from/a/mirror

PHP PHP 5.0 candidate 2

• PHP php-5.2.2-win32-installer.msi
  http://www.php.net/get/php-5.2.2-win32-installer.msi/from/a/mirror


• PHP php-5.2.2.tar.gz
  http://www.php.net/get/php-5.2.2.tar.gz/from/a/mirror

PHP PHP 5.0.1

• PHP php-5.2.2-win32-installer.msi
  http://www.php.net/get/php-5.2.2-win32-installer.msi/from/a/mirror


• PHP php-5.2.2.tar.gz
  http://www.php.net/get/php-5.2.2.tar.gz/from/a/mirror

PHP PHP 5.0.5

• PHP php-5.2.2-win32-installer.msi
  http://www.php.net/get/php-5.2.2-win32-installer.msi/from/a/mirror


• PHP php-5.2.2.tar.gz
  http://www.php.net/get/php-5.2.2.tar.gz/from/a/mirror

PHP PHP 5.1

• PHP php-5.2.2-win32-installer.msi
  http://www.php.net/get/php-5.2.2-win32-installer.msi/from/a/mirror


• PHP php-5.2.2.tar.gz
  http://www.php.net/get/php-5.2.2.tar.gz/from/a/mirror

PHP PHP 5.1.2

• PHP php-5.2.2-win32-installer.msi
  http://www.php.net/get/php-5.2.2-win32-installer.msi/from/a/mirror


• PHP php-5.2.2.tar.gz
  http://www.php.net/get/php-5.2.2.tar.gz/from/a/mirror

PHP PHP 5.1.3 -RC1

• PHP php-5.2.2-win32-installer.msi
  http://www.php.net/get/php-5.2.2-win32-installer.msi/from/a/mirror


• PHP php-5.2.2.tar.gz
  http://www.php.net/get/php-5.2.2.tar.gz/from/a/mirror

PHP PHP 5.1.3

• PHP php-5.2.2-win32-installer.msi
  http://www.php.net/get/php-5.2.2-win32-installer.msi/from/a/mirror


• PHP php-5.2.2.tar.gz
  http://www.php.net/get/php-5.2.2.tar.gz/from/a/mirror

PHP PHP 5.1.4

• PHP php-5.2.2-win32-installer.msi
  http://www.php.net/get/php-5.2.2-win32-installer.msi/from/a/mirror


• PHP php-5.2.2.tar.gz
  http://www.php.net/get/php-5.2.2.tar.gz/from/a/mirror

PHP PHP 5.1.5

• PHP php-5.2.2-win32-installer.msi
  http://www.php.net/get/php-5.2.2-win32-installer.msi/from/a/mirror


• PHP php-5.2.2.tar.gz
  http://www.php.net/get/php-5.2.2.tar.gz/from/a/mirror