CVE-2008-2666

Impact:: Low
Public Date:: 2008-06-18

Bugzilla:: 452207: CVE-2008-2666 php: chdir(), ftok() (standard ext) safe_mode bypass safe_mode bypass

The MITRE CVE dictionary describes this issue as:

Multiple directory traversal vulnerabilities in PHP 5.2.6 and earlier allow context-dependent attackers to bypass safe_mode restrictions by creating a subdirectory named http: and then placing ../ (dot dot slash) sequences in an http URL argument to the (1) chdir or (2) ftok function.

Find out more about CVE-2008-2666 from the MITRE CVE dictionary dictionary and NIST NVD.

Statement

We do not consider these to be security issues. For more details see http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=169857#c1 and http://www.php.net/security-note.php

Last Modified 2018-04-26T20:29:20+00:00

Log in to Your Red Hat Account

Red Hat Account

Customer Portal

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

JBoss Development and Management

JBoss Integration and Automation

Mobile

Services

Tools

Red Hat Product Security Center

Security Updates

Resources

Customer Portal Community

Customer Events

Stories

CVE-2008-2666

Statement