PHP 5.3.2 Multiple Vulnerabilities

Report ID: SA201006417
Source: F-Secure
Date of Discovery: 09.03.2010
Criticality: Undefined
Affects:
PHP 5.3.1

Compromise From: Unknown
Compromise Type: Unknown

Summary

Vulnerabilities involving safe_mode validation and safe_mode bypass have been reported in the PHP 5.3 series.

Detailed Description

PHP reported vulnerabilities that involve:

  • safe_mode validation inside tempnam() (when the directory path does not end with a /)
  • open_basedir/safe_mode bypass in a session extension
  • LCG entropy

Solution

Update to version 5.3.2 or later

Original Reference

PHP 5.3.2 Release Announcement (http://www.php.net/)