fopen_wrappers.c in PHP 5.3.x through 5.3.3 might allow remote attackers to bypass open_basedir restrictions via vectors related to the length of a filename.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
History
01 Sep 2022, 16:32
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:php:php:5.3.2:*:*:*:*:*:*:* cpe:2.3:a:php:php:5.3.3:*:*:*:*:*:*:* cpe:2.3:a:php:php:5.3.0:*:*:*:*:*:*:* |
cpe:2.3:a:php:php:*:*:*:*:*:*:*:* cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:* cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:* cpe:2.3:o:canonical:ubuntu_linux:9.10:*:*:*:*:*:*:* cpe:2.3:o:canonical:ubuntu_linux:10.10:*:*:*:*:*:*:* cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:* |
First Time |
Canonical
Canonical ubuntu Linux |
|
References | (CONFIRM) http://support.apple.com/kb/HT5002 - Third Party Advisory | |
References | (CONFIRM) http://svn.php.net/viewvc/php/php-src/trunk/main/fopen_wrappers.c?r1=303824&r2=303823&pathrev=303824 - Patch, Vendor Advisory | |
References | (BID) http://www.securityfocus.com/bid/44723 - Third Party Advisory, VDB Entry | |
References | (CONFIRM) http://www.php.net/archive/2010.php#id2010-12-10-1 - Vendor Advisory | |
References | (SLACKWARE) http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.490619 - Third Party Advisory | |
References | (VUPEN) http://www.vupen.com/english/advisories/2010/3313 - Permissions Required | |
References | (SECUNIA) http://secunia.com/advisories/42812 - Third Party Advisory | |
References | (VUPEN) http://www.vupen.com/english/advisories/2011/0077 - Permissions Required | |
References | (CONFIRM) http://www.php.net/ChangeLog-5.php - Vendor Advisory | |
References | (UBUNTU) http://www.ubuntu.com/usn/USN-1042-1 - Third Party Advisory | |
References | (CONFIRM) http://security-tracker.debian.org/tracker/CVE-2010-3436 - Third Party Advisory | |
References | (APPLE) http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html - Mailing List, Third Party Advisory | |
References | (CONFIRM) http://support.apple.com/kb/HT4581 - Third Party Advisory | |
References | (APPLE) http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html - Mailing List, Third Party Advisory | |
References | (CONFIRM) http://www.php.net/releases/5_2_15.php - Vendor Advisory | |
References | (SECUNIA) http://secunia.com/advisories/42729 - Third Party Advisory | |
References | (CONFIRM) http://www.php.net/releases/5_3_4.php - Vendor Advisory | |
References | (CONFIRM) http://svn.php.net/viewvc?view=revision&revision=303824 - Patch, Vendor Advisory | |
References | (MANDRIVA) http://www.mandriva.com/security/advisories?name=MDVSA-2010:218 - Third Party Advisory |
Information
Published : 2010-11-09 01:00
Updated : 2023-12-10 11:03
NVD link : CVE-2010-3436
Mitre link : CVE-2010-3436
CVE.ORG link : CVE-2010-3436
JSON object : View
Products Affected
canonical
- ubuntu_linux
php
- php
CWE
CWE-264
Permissions, Privileges, and Access Controls