CVE-2010-1129

Public Date:: 2010-02-25

Bugzilla:: 577578: CVE-2010-1129 CVE-2010-1130 php: safe_mode / open_basedir security fixes in 5.2.13/5.3.2

The MITRE CVE dictionary describes this issue as:

The safe_mode implementation in PHP before 5.2.13 does not properly handle directory pathnames that lack a trailing / (slash) character, which allows context-dependent attackers to bypass intended access restrictions via vectors related to use of the tempnam function.

Find out more about CVE-2010-1129 from the MITRE CVE dictionary dictionary and NIST NVD.

Statement

We do not consider safe_mode / open_basedir restriction bypass issues to be security sensitive. For more details see http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=169857#c1 and http://www.php.net/security-note.php

Last Modified 2018-08-18T04:33:24+00:00

Log in to Your Red Hat Account

Red Hat Account

Customer Portal

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

JBoss Development and Management

JBoss Integration and Automation

Mobile

Services

Tools

Red Hat Product Security Center

Security Updates

Resources

Customer Portal Community

Customer Events

Stories

CVE-2010-1129

Statement