SECUNIA ADVISORY ID: SA37412
VERIFY ADVISORY: http://secunia.com/advisories/37412/
DESCRIPTION: Multiple vulnerabilities have been reported in PHP, some of which have unknown impact and others that can be exploited by malicious users to bypass certain security restrictions.
1) Input validation errors exist in the processing of exif data. This is related to vulnerability #3 in: SA36791
2) An error in "tempnam()" can be exploited to bypass the "safe_mode" feature.
3) An error in "posix_mkfifo()" can be exploited to bypass the "open_basedir" feature.
SOLUTION: Update to version 5.3.1.
PROVIDED AND/OR DISCOVERED BY:
1) Reported by the vendor.
2, 3) Grzegorz Stachowiak
ORIGINAL ADVISORY: PHP: http://www.php.net/releases/5_3_1.php
Grzegorz Stachowiak:
http://securityreason.com/securityalert/6600
http://securityreason.com/securityalert/6601
OTHER REFERENCES: SA36791: http://secunia.com/advisories/36791/
PHP Multiple Vulnerabilities
Posted on Sunday, November 22, 2009 @ 12:44:17 CST in Security