'Re: [oss-security] CVE request: php 5.2.6 safe_mode bypass'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    Re: [oss-security] CVE request: php 5.2.6 safe_mode bypass
From:       Nico Golde <oss-security+ml () ngolde ! de>
Date:       2008-06-19 15:34:38
Message-ID: 20080619153438.GE4263 () ngolde ! de
[Download RAW message or body]


Hi Hanno,
* Hanno Böck <hanno@hboeck.de> [2008-06-19 17:24]:
> Both posted on FD
> 
> [PHP 5.2.6 posix_access() (posix ext) safe_mode bypass ]
> http://securityreason.com/achievement_securityalert/54

This is CVE-2008-2665.

> [PHP 5.2.6 chdir(),ftok() (standard ext) safe_mode bypass ]
> http://securityreason.com/achievement_securityalert/55

This is CVE-2008-2666.
Cheers
Nico
-- 
Nico Golde - http://www.ngolde.de - nion@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.

[Attachment #3 (application/pgp-signature)]

[prev in list] [next in list] [prev in thread] [next in thread]

Configure | About | News | Add a list | Sponsored by KoreLogic