PHP Security Bypass And File Writing Vulnerability - Dec08 Network Vulnerability

Summary

The host is running PHP and is prone to Security Bypass and File Writing vulnerability.

Impact

Successful exploitation could allow remote attackers to write arbitrary file, bypass security restrictions and cause directory traversal attacks. Impact Level: System/Application

Solution

Upgrade to version 5.2.7 or later http://www.php.net/downloads.php

Insight

The flaw is due to, - An error in initialization of 'page_uid' and 'page_gid' global variables for use by the SAPI 'php_getuid' function, which bypass the safe_mode restrictions. - When 'safe_mode' is enabled through a 'php_admin_flag' setting in 'httpd.conf' file, which does not enforce the 'error_log', 'safe_mode restrictions. - In 'ZipArchive::extractTo' function which allows attacker to write files via a ZIP file.

Affected

PHP versions prior to 5.2.7.

References

http://www.php.net/ChangeLog-5.php#5.2.7
http://www.php.net/archive/2008.php#id2008-12-07-1
http://www.securityfocus.com/archive/1/archive/1/498985/100/0/threaded

Updated on 2015-03-25

Severity

Classification

CVE CVE-2008-5624, CVE-2008-5625, CVE-2008-5658

CVSS	Base Score: 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

AstroSPACES profile.php SQL Injection Vulnerability
Baby Gekko CMS Multiple Vulnerabilities
Adobe ColdFusion Authentication Bypass Vulnerability
Apache Solr XML External Entity(XXE) Vulnerability-02 Jan-14
AVTECH DVR Multiple Vulnerabilities

PHP Security Bypass and File Writing Vulnerability - Dec08

Take action and discover your vulnerabilities