CVE-2012-1171

Impact:
Moderate
Public Date:
2012-03-13
Bugzilla:
802591: CVE-2012-1171 php: libxml RSHUTDOWN function disables the hooks which are used to implement open_basedir

The MITRE CVE dictionary describes this issue as:

The libxml RSHUTDOWN function in PHP 5.x allows remote attackers to bypass the open_basedir protection mechanism and read arbitrary files via vectors involving a stream_close method call during use of a custom stream wrapper.

Find out more about CVE-2012-1171 from the MITRE CVE dictionary and NIST NVD.

Statement

We do not consider safe_mode / open_basedir restriction bypass issues to be security sensitive. For more details see http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=169857#c1 and http://www.php.net/security-note.php

CVSS v2 metrics

NOTE: The following CVSS v2 metrics and score provided are preliminary and subject to review.

Base Score              5
Base Metrics            AV:N/AC:L/Au:N/C:N/I:P/A:N
Access Vector           Network
Access Complexity       Low
Authentication          None
Confidentiality Impact  None
Integrity Impact        Partial
Availability Impact     None

Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).

Affected Packages State

Platform                                                  Package  State
Red Hat Enterprise Linux 6                                php      Not affected
Red Hat Enterprise Linux 5                                php53    Not affected
Red Hat Enterprise Linux 5                                php      Not affected
Red Hat Enterprise Linux 4                                php      Not affected
Red Hat Application Stack v2 for Enterprise Linux (v.5)   php      Not affected
Last Modified

CVE description copyright © 2017, The MITRE Corporation