PHP *open_basedir* Symlink Security Bypass Vulnerability Date: Thursday, October 05, 2006 @ 13:04:42 CDT Topic: Security SECUNIA ADVISORY ID: SA22235 VERIFY ADVISORY: http://secunia.com/advisories/22235/ CRITICAL: Less critical IMPACT: Security Bypass WHERE: Local system SOFTWARE: PHP 5.1.x - http://secunia.com/product/6796/ PHP 5.0.x - http://secunia.com/product/3919/ PHP 4.4.x - http://secunia.com/product/5768/ PHP 4.3.x - http://secunia.com/product/922/ PHP 4.2.x - http://secunia.com/product/105/ PHP 4.1.x - http://secunia.com/product/1654/ PHP 4.0.x - http://secunia.com/product/1655/ DESCRIPTION: Stefan Esser has reported a vulnerability in PHP, which can be exploited by malicious, local users to bypass certain security restrictions. The vulnerability is caused due to a race condition in the handling of symlinks and can be exploited to bypass the open_basedir protection mechanism. The vulnerability has been reported in PHP4 and PHP5. SOLUTION: Disable the "symlink()" function in php.ini. PROVIDED AND/OR DISCOVERED BY: Stefan Esser ORIGINAL ADVISORY: http://www.hardened-php.net/advisory_082006.132.html This article comes from Ravens PHP Scripts https://www.ravenphpscripts.com The URL for this story is: https://www.ravenphpscripts.com/modules.php?name=News&file=article&sid=2432