• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

PHP cURL 'safe mode' Security Bypass Vulnerability

Solution:
The vendor has released fixes to address this issue. Please see the references for more information.


MandrakeSoft Linux Mandrake 2008.0 x86_64

• Mandriva lib64php5_common5-5.2.4-3.3mdv2008.0.x86_64.rpm
  http://www.mandriva.com/en/download/


• Mandriva php-bcmath-5.2.4-3.3mdv2008.0.x86_64.rpm
  http://www.mandriva.com/en/download/


• Mandriva php-bz2-5.2.4-3.3mdv2008.0.x86_64.rpm
  http://www.mandriva.com/en/download/


• Mandriva php-calendar-5.2.4-3.3mdv2008.0.x86_64.rpm
  http://www.mandriva.com/en/download/


• Mandriva php-cgi-5.2.4-3.3mdv2008.0.x86_64.rpm
  http://www.mandriva.com/en/download/


• Mandriva php-cli-5.2.4-3.3mdv2008.0.x86_64.rpm
  http://www.mandriva.com/en/download/


• Mandriva php-ctype-5.2.4-3.3mdv2008.0.x86_64.rpm
  http://www.mandriva.com/en/download/


• Mandriva php-curl-5.2.4-3.3mdv2008.0.x86_64.rpm
  http://www.mandriva.com/en/download/


• Mandriva php-dba-5.2.4-3.3mdv2008.0.x86_64.rpm
  http://www.mandriva.com/en/download/


• Mandriva php-dbase-5.2.4-3.3mdv2008.0.x86_64.rpm
  http://www.mandriva.com/en/download/


• Mandriva php-devel-5.2.4-3.3mdv2008.0.x86_64.rpm
  http://www.mandriva.com/en/download/


• Mandriva php-dom-5.2.4-3.3mdv2008.0.x86_64.rpm
  http://www.mandriva.com/en/download/


• Mandriva php-exif-5.2.4-3.3mdv2008.0.x86_64.rpm
  http://www.mandriva.com/en/download/


• Mandriva php-fcgi-5.2.4-3.3mdv2008.0.x86_64.rpm
  http://www.mandriva.com/en/download/


• Mandriva php-filter-5.2.4-3.3mdv2008.0.x86_64.rpm
  http://www.mandriva.com/en/download/


• Mandriva php-ftp-5.2.4-3.3mdv2008.0.x86_64.rpm
  http://www.mandriva.com/en/download/


• Mandriva php-gd-5.2.4-3.3mdv2008.0.x86_64.rpm
  http://www.mandriva.com/en/download/


• Mandriva php-gettext-5.2.4-3.3mdv2008.0.x86_64.rpm
  http://www.mandriva.com/en/download/


• Mandriva php-gmp-5.2.4-3.3mdv2008.0.x86_64.rpm
  http://www.mandriva.com/en/download/


• Mandriva php-hash-5.2.4-3.3mdv2008.0.x86_64.rpm
  http://www.mandriva.com/en/download/


• Mandriva php-iconv-5.2.4-3.3mdv2008.0.x86_64.rpm
  http://www.mandriva.com/en/download/


• Mandriva php-imap-5.2.4-3.3mdv2008.0.x86_64.rpm
  http://www.mandriva.com/en/download/


• Mandriva php-json-5.2.4-3.3mdv2008.0.x86_64.rpm
  http://www.mandriva.com/en/download/


• Mandriva php-ldap-5.2.4-3.3mdv2008.0.x86_64.rpm
  http://www.mandriva.com/en/download/


• Mandriva php-mbstring-5.2.4-3.3mdv2008.0.x86_64.rpm
  http://www.mandriva.com/en/download/


• Mandriva php-mcrypt-5.2.4-3.3mdv2008.0.x86_64.rpm
  http://www.mandriva.com/en/download/


• Mandriva php-mhash-5.2.4-3.3mdv2008.0.x86_64.rpm
  http://www.mandriva.com/en/download/


• Mandriva php-mime_magic-5.2.4-3.3mdv2008.0.x86_64.rpm
  http://www.mandriva.com/en/download/


• Mandriva php-ming-5.2.4-3.3mdv2008.0.x86_64.rpm
  http://www.mandriva.com/en/download/


• Mandriva php-mssql-5.2.4-3.3mdv2008.0.x86_64.rpm
  http://www.mandriva.com/en/download/


• Mandriva php-mysql-5.2.4-3.3mdv2008.0.x86_64.rpm
  http://www.mandriva.com/en/download/


• Mandriva php-mysqli-5.2.4-3.3mdv2008.0.x86_64.rpm
  http://www.mandriva.com/en/download/


• Mandriva php-ncurses-5.2.4-3.3mdv2008.0.x86_64.rpm
  http://www.mandriva.com/en/download/


• Mandriva php-odbc-5.2.4-3.3mdv2008.0.x86_64.rpm
  http://www.mandriva.com/en/download/


• Mandriva php-openssl-5.2.4-3.3mdv2008.0.x86_64.rpm
  http://www.mandriva.com/en/download/


• Mandriva php-pcntl-5.2.4-3.3mdv2008.0.x86_64.rpm
  http://www.mandriva.com/en/download/


• Mandriva php-pdo-5.2.4-3.3mdv2008.0.x86_64.rpm
  http://www.mandriva.com/en/download/


• Mandriva php-pdo_dblib-5.2.4-3.3mdv2008.0.x86_64.rpm
  http://www.mandriva.com/en/download/


• Mandriva php-pdo_mysql-5.2.4-3.3mdv2008.0.x86_64.rpm
  http://www.mandriva.com/en/download/


• Mandriva php-pdo_odbc-5.2.4-3.3mdv2008.0.x86_64.rpm
  http://www.mandriva.com/en/download/


• Mandriva php-pdo_pgsql-5.2.4-3.3mdv2008.0.x86_64.rpm
  http://www.mandriva.com/en/download/


• Mandriva php-pdo_sqlite-5.2.4-3.3mdv2008.0.x86_64.rpm
  http://www.mandriva.com/en/download/


• Mandriva php-pgsql-5.2.4-3.3mdv2008.0.x86_64.rpm
  http://www.mandriva.com/en/download/


• Mandriva php-posix-5.2.4-3.3mdv2008.0.x86_64.rpm
  http://www.mandriva.com/en/download/


• Mandriva php-pspell-5.2.4-3.3mdv2008.0.x86_64.rpm
  http://www.mandriva.com/en/download/


• Mandriva php-readline-5.2.4-3.3mdv2008.0.x86_64.rpm
  http://www.mandriva.com/en/download/


• Mandriva php-recode-5.2.4-3.3mdv2008.0.x86_64.rpm
  http://www.mandriva.com/en/download/


• Mandriva php-session-5.2.4-3.3mdv2008.0.x86_64.rpm
  http://www.mandriva.com/en/download/


• Mandriva php-shmop-5.2.4-3.3mdv2008.0.x86_64.rpm
  http://www.mandriva.com/en/download/


• Mandriva php-simplexml-5.2.4-3.3mdv2008.0.x86_64.rpm
  http://www.mandriva.com/en/download/


• Mandriva php-snmp-5.2.4-3.3mdv2008.0.x86_64.rpm
  http://www.mandriva.com/en/download/


• Mandriva php-soap-5.2.4-3.3mdv2008.0.x86_64.rpm
  http://www.mandriva.com/en/download/


• Mandriva php-sockets-5.2.4-3.3mdv2008.0.x86_64.rpm
  http://www.mandriva.com/en/download/


• Mandriva php-sqlite-5.2.4-3.3mdv2008.0.x86_64.rpm
  http://www.mandriva.com/en/download/


• Mandriva php-sysvmsg-5.2.4-3.3mdv2008.0.x86_64.rpm
  http://www.mandriva.com/en/download/


• Mandriva php-sysvsem-5.2.4-3.3mdv2008.0.x86_64.rpm
  http://www.mandriva.com/en/download/


• Mandriva php-sysvshm-5.2.4-3.3mdv2008.0.x86_64.rpm
  http://www.mandriva.com/en/download/


• Mandriva php-tidy-5.2.4-3.3mdv2008.0.x86_64.rpm
  http://www.mandriva.com/en/download/


• Mandriva php-tokenizer-5.2.4-3.3mdv2008.0.x86_64.rpm
  http://www.mandriva.com/en/download/


• Mandriva php-wddx-5.2.4-3.3mdv2008.0.x86_64.rpm
  http://www.mandriva.com/en/download/


• Mandriva php-xml-5.2.4-3.3mdv2008.0.x86_64.rpm
  http://www.mandriva.com/en/download/


• Mandriva php-xmlreader-5.2.4-3.3mdv2008.0.x86_64.rpm
  http://www.mandriva.com/en/download/


• Mandriva php-xmlrpc-5.2.4-3.3mdv2008.0.x86_64.rpm
  http://www.mandriva.com/en/download/


• Mandriva php-xmlwriter-5.2.4-3.3mdv2008.0.x86_64.rpm
  http://www.mandriva.com/en/download/


• Mandriva php-xsl-5.2.4-3.3mdv2008.0.x86_64.rpm
  http://www.mandriva.com/en/download/


• Mandriva php-zlib-5.2.4-3.3mdv2008.0.x86_64.rpm
  http://www.mandriva.com/en/download/

MandrakeSoft Linux Mandrake 2008.0

• Mandriva libphp5_common5-5.2.4-3.3mdv2008.0.i586.rpm
  http://www.mandriva.com/en/download/


• Mandriva php-bcmath-5.2.4-3.3mdv2008.0.i586.rpm
  http://www.mandriva.com/en/download/


• Mandriva php-bz2-5.2.4-3.3mdv2008.0.i586.rpm
  http://www.mandriva.com/en/download/


• Mandriva php-calendar-5.2.4-3.3mdv2008.0.i586.rpm
  http://www.mandriva.com/en/download/


• Mandriva php-cgi-5.2.4-3.3mdv2008.0.i586.rpm
  http://www.mandriva.com/en/download/


• Mandriva php-cli-5.2.4-3.3mdv2008.0.i586.rpm
  http://www.mandriva.com/en/download/


• Mandriva php-ctype-5.2.4-3.3mdv2008.0.i586.rpm
  http://www.mandriva.com/en/download/


• Mandriva php-curl-5.2.4-3.3mdv2008.0.i586.rpm
  http://www.mandriva.com/en/download/


• Mandriva php-dba-5.2.4-3.3mdv2008.0.i586.rpm
  http://www.mandriva.com/en/download/


• Mandriva php-dbase-5.2.4-3.3mdv2008.0.i586.rpm
  http://www.mandriva.com/en/download/


• Mandriva php-devel-5.2.4-3.3mdv2008.0.i586.rpm
  http://www.mandriva.com/en/download/


• Mandriva php-dom-5.2.4-3.3mdv2008.0.i586.rpm
  http://www.mandriva.com/en/download/


• Mandriva php-exif-5.2.4-3.3mdv2008.0.i586.rpm
  http://www.mandriva.com/en/download/


• Mandriva php-fcgi-5.2.4-3.3mdv2008.0.i586.rpm
  http://www.mandriva.com/en/download/


• Mandriva php-filter-5.2.4-3.3mdv2008.0.i586.rpm
  http://www.mandriva.com/en/download/


• Mandriva php-ftp-5.2.4-3.3mdv2008.0.i586.rpm
  http://www.mandriva.com/en/download/


• Mandriva php-gd-5.2.4-3.3mdv2008.0.i586.rpm
  http://www.mandriva.com/en/download/


• Mandriva php-gettext-5.2.4-3.3mdv2008.0.i586.rpm
  http://www.mandriva.com/en/download/


• Mandriva php-gmp-5.2.4-3.3mdv2008.0.i586.rpm
  http://www.mandriva.com/en/download/


• Mandriva php-hash-5.2.4-3.3mdv2008.0.i586.rpm
  http://www.mandriva.com/en/download/


• Mandriva php-iconv-5.2.4-3.3mdv2008.0.i586.rpm
  http://www.mandriva.com/en/download/


• Mandriva php-imap-5.2.4-3.3mdv2008.0.i586.rpm
  http://www.mandriva.com/en/download/


• Mandriva php-json-5.2.4-3.3mdv2008.0.i586.rpm
  http://www.mandriva.com/en/download/


• Mandriva php-ldap-5.2.4-3.3mdv2008.0.i586.rpm
  http://www.mandriva.com/en/download/


• Mandriva php-mbstring-5.2.4-3.3mdv2008.0.i586.rpm
  http://www.mandriva.com/en/download/


• Mandriva php-mcrypt-5.2.4-3.3mdv2008.0.i586.rpm
  http://www.mandriva.com/en/download/


• Mandriva php-mhash-5.2.4-3.3mdv2008.0.i586.rpm
  http://www.mandriva.com/en/download/


• Mandriva php-mime_magic-5.2.4-3.3mdv2008.0.i586.rpm
  http://www.mandriva.com/en/download/


• Mandriva php-ming-5.2.4-3.3mdv2008.0.i586.rpm
  http://www.mandriva.com/en/download/


• Mandriva php-mssql-5.2.4-3.3mdv2008.0.i586.rpm
  http://www.mandriva.com/en/download/


• Mandriva php-mysql-5.2.4-3.3mdv2008.0.i586.rpm
  http://www.mandriva.com/en/download/


• Mandriva php-mysqli-5.2.4-3.3mdv2008.0.i586.rpm
  http://www.mandriva.com/en/download/


• Mandriva php-ncurses-5.2.4-3.3mdv2008.0.i586.rpm
  http://www.mandriva.com/en/download/


• Mandriva php-odbc-5.2.4-3.3mdv2008.0.i586.rpm
  http://www.mandriva.com/en/download/


• Mandriva php-openssl-5.2.4-3.3mdv2008.0.i586.rpm
  http://www.mandriva.com/en/download/


• Mandriva php-pcntl-5.2.4-3.3mdv2008.0.i586.rpm
  http://www.mandriva.com/en/download/


• Mandriva php-pdo-5.2.4-3.3mdv2008.0.i586.rpm
  http://www.mandriva.com/en/download/


• Mandriva php-pdo_dblib-5.2.4-3.3mdv2008.0.i586.rpm
  http://www.mandriva.com/en/download/


• Mandriva php-pdo_mysql-5.2.4-3.3mdv2008.0.i586.rpm
  http://www.mandriva.com/en/download/


• Mandriva php-pdo_odbc-5.2.4-3.3mdv2008.0.i586.rpm
  http://www.mandriva.com/en/download/


• Mandriva php-pdo_pgsql-5.2.4-3.3mdv2008.0.i586.rpm
  http://www.mandriva.com/en/download/


• Mandriva php-pdo_sqlite-5.2.4-3.3mdv2008.0.i586.rpm
  http://www.mandriva.com/en/download/


• Mandriva php-pgsql-5.2.4-3.3mdv2008.0.i586.rpm
  http://www.mandriva.com/en/download/


• Mandriva php-posix-5.2.4-3.3mdv2008.0.i586.rpm
  http://www.mandriva.com/en/download/


• Mandriva php-pspell-5.2.4-3.3mdv2008.0.i586.rpm
  http://www.mandriva.com/en/download/


• Mandriva php-readline-5.2.4-3.3mdv2008.0.i586.rpm
  http://www.mandriva.com/en/download/


• Mandriva php-recode-5.2.4-3.3mdv2008.0.i586.rpm
  http://www.mandriva.com/en/download/


• Mandriva php-session-5.2.4-3.3mdv2008.0.i586.rpm
  http://www.mandriva.com/en/download/


• Mandriva php-shmop-5.2.4-3.3mdv2008.0.i586.rpm
  http://www.mandriva.com/en/download/


• Mandriva php-simplexml-5.2.4-3.3mdv2008.0.i586.rpm
  http://www.mandriva.com/en/download/


• Mandriva php-snmp-5.2.4-3.3mdv2008.0.i586.rpm
  http://www.mandriva.com/en/download/


• Mandriva php-soap-5.2.4-3.3mdv2008.0.i586.rpm
  http://www.mandriva.com/en/download/


• Mandriva php-sockets-5.2.4-3.3mdv2008.0.i586.rpm
  http://www.mandriva.com/en/download/


• Mandriva php-sqlite-5.2.4-3.3mdv2008.0.i586.rpm
  http://www.mandriva.com/en/download/


• Mandriva php-sysvmsg-5.2.4-3.3mdv2008.0.i586.rpm
  http://www.mandriva.com/en/download/


• Mandriva php-sysvsem-5.2.4-3.3mdv2008.0.i586.rpm
  http://www.mandriva.com/en/download/


• Mandriva php-sysvshm-5.2.4-3.3mdv2008.0.i586.rpm
  http://www.mandriva.com/en/download/


• Mandriva php-tidy-5.2.4-3.3mdv2008.0.i586.rpm
  http://www.mandriva.com/en/download/


• Mandriva php-tokenizer-5.2.4-3.3mdv2008.0.i586.rpm
  http://www.mandriva.com/en/download/


• Mandriva php-wddx-5.2.4-3.3mdv2008.0.i586.rpm
  http://www.mandriva.com/en/download/


• Mandriva php-xml-5.2.4-3.3mdv2008.0.i586.rpm
  http://www.mandriva.com/en/download/


• Mandriva php-xmlreader-5.2.4-3.3mdv2008.0.i586.rpm
  http://www.mandriva.com/en/download/


• Mandriva php-xmlrpc-5.2.4-3.3mdv2008.0.i586.rpm
  http://www.mandriva.com/en/download/


• Mandriva php-xmlwriter-5.2.4-3.3mdv2008.0.i586.rpm
  http://www.mandriva.com/en/download/


• Mandriva php-xsl-5.2.4-3.3mdv2008.0.i586.rpm
  http://www.mandriva.com/en/download/


• Mandriva php-zlib-5.2.4-3.3mdv2008.0.i586.rpm
  http://www.mandriva.com/en/download/

MandrakeSoft Corporate Server 4.0

• Mandriva libphp4_common4-4.4.4-1.10.20060mlcs4.i586.rpm
  http://www.mandriva.com/en/download/


• Mandriva libphp5_common5-5.1.6-1.10.20060mlcs4.i586.rpm
  http://www.mandriva.com/en/download/


• Mandriva php-cgi-5.1.6-1.10.20060mlcs4.i586.rpm
  http://www.mandriva.com/en/download/


• Mandriva php-curl-5.1.6-1.1.20060mlcs4.i586.rpm
  http://www.mandriva.com/en/download/


• Mandriva php-devel-5.1.6-1.10.20060mlcs4.i586.rpm
  http://www.mandriva.com/en/download/


• Mandriva php-fcgi-5.1.6-1.10.20060mlcs4.i586.rpm
  http://www.mandriva.com/en/download/


• Mandriva php-pcre-5.1.6-1.1.20060mlcs4.i586.rpm
  http://www.mandriva.com/en/download/


• Mandriva php4-cgi-4.4.4-1.10.20060mlcs4.i586.rpm
  http://www.mandriva.com/en/download/


• Mandriva php4-cli-4.4.4-1.10.20060mlcs4.i586.rpm
  http://www.mandriva.com/en/download/


• Mandriva php4-curl-4.4.4-1.2.20060mlcs4.i586.rpm
  http://www.mandriva.com/en/download/


• Mandriva php4-devel-4.4.4-1.10.20060mlcs4.i586.rpm
  http://www.mandriva.com/en/download/


• Mandriva php4-mbstring-4.4.4-1.2.20060mlcs4.i586.rpm
  http://www.mandriva.com/en/download/

Apple Mac OS X 10.5.4

• Apple SecUpd2008-005.dmg
  For Mac OS X v10.5.4 and Mac OS X Server 10.5.4
  http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=20388&cat= 1&platform=osx&method=sa/SecUpd2008-005.dmg

Apple Mac OS X Server 10.5.4

• Apple SecUpd2008-005.dmg
  For Mac OS X v10.5.4 and Mac OS X Server 10.5.4
  http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=20388&cat= 1&platform=osx&method=sa/SecUpd2008-005.dmg

Apple Mac OS X Server 10.5.5

• Apple SecUpdSrvr2008-007.dmg
  http://www.apple.com/support/downloads/securityupdate2008007serverleop ard.html

MandrakeSoft Corporate Server 4.0 x86_64

• Mandriva lib64php4_common4-4.4.4-1.10.20060mlcs4.x86_64.rpm
  http://www.mandriva.com/en/download/


• Mandriva lib64php5_common5-5.1.6-1.10.20060mlcs4.x86_64.rpm
  http://www.mandriva.com/en/download/


• Mandriva php-cgi-5.1.6-1.10.20060mlcs4.x86_64.rpm
  http://www.mandriva.com/en/download/


• Mandriva php-curl-5.1.6-1.1.20060mlcs4.x86_64.rpm
  http://www.mandriva.com/en/download/


• Mandriva php-devel-5.1.6-1.10.20060mlcs4.x86_64.rpm
  http://www.mandriva.com/en/download/


• Mandriva php-fcgi-5.1.6-1.10.20060mlcs4.x86_64.rpm
  http://www.mandriva.com/en/download/


• Mandriva php-pcre-5.1.6-1.1.20060mlcs4.x86_64.rpm
  http://www.mandriva.com/en/download/


• Mandriva php4-cgi-4.4.4-1.10.20060mlcs4.x86_64.rpm
  http://www.mandriva.com/en/download/


• Mandriva php4-cli-4.4.4-1.10.20060mlcs4.x86_64.rpm
  http://www.mandriva.com/en/download/


• Mandriva php4-curl-4.4.4-1.2.20060mlcs4.x86_64.rpm
  http://www.mandriva.com/en/download/


• Mandriva php4-devel-4.4.4-1.10.20060mlcs4.x86_64.rpm
  http://www.mandriva.com/en/download/


• Mandriva php4-mbstring-4.4.4-1.2.20060mlcs4.x86_64.rpm
  http://www.mandriva.com/en/download/

PHP PHP 5.2.4

• PHP PHP 5.2.6 Complete Source code
  http://www.php.net/get/php-5.2.6.tar.gz/from/a/mirror

PHP PHP 5.2.5

• PHP PHP 5.2.6 Complete Source code
  http://www.php.net/get/php-5.2.6.tar.gz/from/a/mirror