Bug #48036 In PHP 5.2.9, curl php module bypass safe_mode & open_basedir security features
Submitted: 2009-04-21 12:36 UTC Modified: 2009-04-21 12:40 UTC
From: y dot le dot ny at ifrance dot com Assigned:
Status: Not a bug Package: cURL related
PHP Version: 5.2.9 OS: All (Linux and Sun Solaris)
Private report: No CVE-ID: None
 [2009-04-21 12:36 UTC] y dot le dot ny at ifrance dot com
Description:
------------
There is a big security problem with the CURL module in PHP 5.2.9.

I use the latest stable release PHP 5.2.9 and the latest stable release Curl 7.19.4 on Red Hat Enterprise Linux 3 and 4 and on Sun Solaris 8 and 10, and I can reproduce the exploit that is explained at this URL:
http://securityreason.com/achievement_securityalert/61

Please find the problem and patch the PHP curl module's source code here:
http://cvs.php.net/viewvc.cgi/php-src/ext/curl/ 

Reproduce code:
---------------
http://securityreason.com/achievement_securityalert/61


 [2009-04-21 12:40 UTC] pajoye@php.net
duplicated #48027
 