Vigil@nce: PHP 5.2, several vulnerabilities
March 2010 by Vigil@nce
SYNTHESIS OF THE VULNERABILITY
An attacker can use several vulnerabilities of PHP in order to bypass file access restrictions.
Severity: 2/4
Consequences: data reading, data creation/modification, data deletion
Provenance: user account
Means of attack: no proof of concept, no attack
Ability of attacker: expert (4/4)
Confidence: confirmed by the editor (5/5)
Diffusion of the vulnerable configuration: high (3/3)
Number of vulnerabilities in this bulletin: 3
Creation date: 01/03/2010
IMPACTED PRODUCTS
PHP
DESCRIPTION OF THE VULNERABILITY
Several vulnerabilities were announced in PHP 5.
An attacker can use the tempnam() PHP function, on a directory name not ending with '/', in order to create a file outside allowed directories. [severity:2/4; BID-38431]
An attacker can use the session_save_path() PHP function, in order to create a file outside allowed directories (VIGILANCE-VUL-9443 (https://vigilance.fr/tree/1/9443)). [severity:2/4; BID-38182]
The LCG (Linear Congruential Generator) is not sufficiently random. [severity:1/4; BID-38430]
These vulnerabilities are local or remote depending on the context.
CHARACTERISTICS
Identifiers: BID-38182, BID-38430, BID-38431, VIGILANCE-VUL-9478




