CVE-2010-1129

The safe_mode implementation in PHP before 5.2.13 does not properly handle directory pathnames that lack a trailing / (slash) character, which allows context-dependent attackers to bypass intended access restrictions via vectors related to use of the tempnam function.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:P/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Affected Products (NVD)
VendorProductVersion
phpphp
5.2.0
phpphp
5.2.1
phpphp
5.2.2
phpphp
5.2.3
phpphp
5.2.4
phpphp
5.2.5
phpphp
5.2.6
phpphp
5.2.7
phpphp
5.2.8
phpphp
5.2.9
phpphp
5.2.10
phpphp
5.2.11
phpphp
5.2.12
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
php5
dapper
Fixed 5.1.2-1ubuntu3.19
released
hardy
Fixed 5.2.4-2ubuntu5.12
released
intrepid
ignored
jaunty
Fixed 5.2.6.dfsg.1-3ubuntu4.6
released
karmic
Fixed 5.2.10.dfsg.1-2ubuntu6.5
released
lucid
not-affected
Common Weakness Enumeration
References
http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02286083
http://lists.apple.com/archives/security-announce/2010//Aug/msg00003.html
http://secunia.com/advisories/38708
http://secunia.com/advisories/40551
http://securitytracker.com/id?1023661
http://support.apple.com/kb/HT4312
http://www.php.net/ChangeLog-5.php
http://www.php.net/releases/5_2_13.php
http://www.securityfocus.com/bid/38431
http://www.vupen.com/english/advisories/2010/0479
http://www.vupen.com/english/advisories/2010/1796
http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02286083
http://lists.apple.com/archives/security-announce/2010//Aug/msg00003.html
http://secunia.com/advisories/38708
http://secunia.com/advisories/40551
http://securitytracker.com/id?1023661
http://support.apple.com/kb/HT4312
http://www.php.net/ChangeLog-5.php
http://www.php.net/releases/5_2_13.php
http://www.securityfocus.com/bid/38431
http://www.vupen.com/english/advisories/2010/0479
http://www.vupen.com/english/advisories/2010/1796