List: oss-security
Subject: [oss-security] Re: CVE request: php 5.3.1 - proc_open() bypass PHP Bug #49026
From: Milen Rangelov <mrangelov () globul ! bg>
Date: 2009-11-27 13:42:25
Message-ID: 1259329345.3047.6.camel () dco-milen ! globul ! bg
Hello,
>CVE-2009-4018
>PHP before 5.3.1 proc_open() can be used to bypass the
>safe_mode_protected_env_vars INI setting. This could be used to alter the
>process environment possibly executing arbitrary code.
>
>
>http://www.php.net/ChangeLog-5.php#5.3.1
>http://bugs.php.net/bug.php?id=49026
>http://marc.info/?l=oss-security&m=125897935330618&w=2
>
>Thanks.
>
>--
> JB
Great to see an almost one-year-old bug getting fixed (and assigned a
CVE ID for that matter).
It was reported back in 2008 but apparently no one took care:
http://www.securityfocus.com/bid/32717/info
Regards,
Milen Rangelov