PHP 5 'posix_access()' Function 'safe_mode' Bypass Directory Traversal Vulnerability

Bugtraq ID: 29797
Class: Input Validation Error
CVE: CVE-2008-2665
Remote: Yes
Local: No
Published: Jun 18 2008 12:00AM
Updated: Oct 22 2009 11:38PM
Credit: Maksymilian Arciemowicz of SecurityReason Research
Vulnerable: Slackware Linux 12.1
Slackware Linux 12.0
Slackware Linux -current
rPath rPath Linux 2
rPath rPath Linux 1
rPath Appliance Platform Linux Service 2
rPath Appliance Platform Linux Service 1
PHP PHP 5.2.6
HP HP-UX B.11.31
HP HP-UX B.11.23
HP HP-UX B.11.11
Gentoo Linux
Apple Mac OS X Server 10.5.6
Apple Mac OS X Server 10.5.5
Apple Mac OS X Server 10.5.4
Apple Mac OS X Server 10.5.3
Apple Mac OS X Server 10.5.2
Apple Mac OS X Server 10.5.1
Apple Mac OS X Server 10.5
Apple Mac OS X 10.5.6
Apple Mac OS X 10.5.5
Apple Mac OS X 10.5.4
Apple Mac OS X 10.5.3
Apple Mac OS X 10.5.2
Apple Mac OS X 10.5.1
Apple Mac OS X 10.5
Not Vulnerable: PHP PHP 5.2.8
Apple Mac OS X Server 10.5.7
Apple Mac OS X 10.5.7


 

Privacy Statement
Copyright 2010, SecurityFocus