PHP Safe Mode Bypass Weakness Uncovered in error_log

By Angsuman Chakraborty, Gaea News Network
Monday, June 26, 2006

Maksymilian Arciemowicz has discovered a weakness in PHP that can be exploited by malicious local users to bypass certain security restrictions. This could have a major impact on shared hosting systems.

The weakness is caused by an input validation error in the way the PHP error_log() function processes its destination parameter. It can be exploited to bypass the safe mode protection via directory traversal attacks in the “php://” wrapper.

The weakness has been confirmed in version 5.1.4 and has also been reported in version 4.4.2. Other versions may also be affected.

Solution:
Disable the error_log function via the disable_functions directive if the safe mode protection is required. This may impact functionality. All software vendors (including open source developers) should audit their source.
via Secunia
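
A hosting administrator can check whether a given php.ini carries the workaround above. The following is an added example, not code from the advisory or from PHP; the function names and the two sample configurations are constructed for illustration.

```python
# Added example: checks php.ini text for the workaround described above.
# SAMPLE_WEAK and SAMPLE_FIXED are constructed inputs, not real server configs.

TRUTHY = {"1", "on", "true", "yes"}  # values php.ini treats as boolean true

def parse_ini(text):
    """Return effective directives from php.ini text; a later assignment wins."""
    settings = {}
    for raw in text.splitlines():
        # ';' starts a comment (simplification: ';' inside quotes is not handled)
        line = raw.split(";", 1)[0].strip()
        if not line or line.startswith("[") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        # directive names are case sensitive, so the key is kept as written
        settings[key.strip()] = value.strip().strip("\"'")
    return settings

def error_log_status(ini_text):
    """Classify a config as 'not-applicable', 'mitigated' or 'exposed'."""
    s = parse_ini(ini_text)
    if s.get("safe_mode", "off").lower() not in TRUTHY:
        return "not-applicable"   # safe mode is not relied on in this config
    # disable_functions is a comma-delimited list; match the name exactly
    disabled = {f.strip() for f in s.get("disable_functions", "").split(",")}
    return "mitigated" if "error_log" in disabled else "exposed"

SAMPLE_WEAK = """\
[PHP]
safe_mode = On
disable_functions = exec, system   ; error_log still callable
"""

SAMPLE_FIXED = """\
[PHP]
safe_mode = On
disable_functions = exec, system
disable_functions = exec, system, error_log
"""

if __name__ == "__main__":
    for name, text in (("weak", SAMPLE_WEAK), ("fixed", SAMPLE_FIXED)):
        print(name, "->", error_log_status(text))
```

The check reads only the text it is given, so run it against the php.ini the web server actually loads.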
