CVE-2008-2665

Current Description

Directory traversal vulnerability in the posix_access function in PHP 5.2.6 and earlier allows remote attackers to bypass safe_mode restrictions via a .. (dot dot) in an http URL, which results in the URL being canonicalized to a local filename after the safe_mode check has successfully run.

Basic Data

PublishedJune 20, 2008
Last ModifiedOctober 11, 2018
Assignercve@mitre.org
Data TypeCVE
Data FormatMITRE
Data Version4.0
Problem TypeCWE-22
CVE Data Version4.0

Base Metric V2

CVSS 2 - Version2.0
CVSS 2 - Vector StringAV:N/AC:L/Au:N/C:P/I:N/A:N
CVSS 2 - Access VectorNETWORK
CVSS 2 - Access ComplexityLOW
CVSS 2 - AuthenticationNONE
CVSS 2 - Confidentiality ImpactPARTIAL
CVSS 2 - Availability ImpactNONE
CVSS 2 - Base Score5.0
SeverityMEDIUM
Exploitability Score10.0
Impact Score2.9
Obtain All Privilegefalse
Obtain User Privilegefalse
Obtain Other Privilegefalse

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
    Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
    2.3ApplicationPhpPhp5.2.6*******

Vulnerable Software List

VendorProductVersions
Php Php 5.2.6

References

NameSourceURLTags
APPLE-SA-2009-05-12http://lists.apple.com/archives/security-announce/2009/May/msg00002.htmlAPPLE
SSRT090085http://marc.info/?l=bugtraq&m=124654546101607&w=2HP
HPSBUX02465http://marc.info/?l=bugtraq&m=125631037611762&w=2HP
32746http://secunia.com/advisories/32746SECUNIA
35074http://secunia.com/advisories/35074SECUNIA
35650http://secunia.com/advisories/35650SECUNIA
GLSA-200811-05http://security.gentoo.org/glsa/glsa-200811-05.xmlGENTOO
20080617 PHP 5.2.6 posix_access() (posix ext) safe_mode bypasshttp://securityreason.com/achievement_securityalert/54SREASONRESExploit
3941http://securityreason.com/securityalert/3941SREASON
http://support.apple.com/kb/HT3549http://support.apple.com/kb/HT3549CONFIRM
http://wiki.rpath.com/Advisories:rPSA-2009-0035http://wiki.rpath.com/Advisories:rPSA-2009-0035CONFIRM
20090302 rPSA-2009-0035-1 php php-cgi php-imap php-mcrypt php-mysql php-mysqli php-pgsql php-soap php-xsl php5 php5-cgi php5-imap php5-mcrypt php5-mysql php5-mysqli php5-pear php5-pgsql php5-soap php5-xslhttp://www.securityfocus.com/archive/1/501376/100/0/threadedBUGTRAQ
29797http://www.securityfocus.com/bid/29797BID
1020327http://www.securitytracker.com/id?1020327SECTRACK
TA09-133Ahttp://www.us-cert.gov/cas/techalerts/TA09-133A.htmlCERTUS Government Resource
ADV-2009-1297http://www.vupen.com/english/advisories/2009/1297VUPEN
php-posixaccess-security-bypass(43196)https://exchange.xforce.ibmcloud.com/vulnerabilities/43196XF