CVE - CVE-2007-3378

CVE-ID
CVE-2007-3378	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
The (1) session_save_path, (2) ini_set, and (3) error_log functions in PHP 4.4.7 and earlier, and PHP 5 5.2.3 and earlier, when invoked from a .htaccess file, allow remote attackers to bypass safe_mode and open_basedir restrictions and possibly execute arbitrary commands, as demonstrated using (a) php_value, (b) php_flag, and (c) directives in .htaccess.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BUGTRAQ:20070627 PHP 4/5 htaccess safemode and open_basedir Bypass URL:http://www.securityfocus.com/archive/1/472343/100/0/threaded MISC:http://securityreason.com/achievement_exploitalert/9 SREASONRES:20070627 PHP 5.2.3 PHP 4.4.7, htaccess safemode and open_basedir Bypass URL:http://securityreason.com/achievement_securityalert/45 CONFIRM:http://www.php.net/ChangeLog-5.php#5.2.4 CONFIRM:http://www.php.net/releases/5_2_4.php CONFIRM:https://issues.rpath.com/browse/RPL-1702 CONFIRM:https://issues.rpath.com/browse/RPL-1693 CONFIRM:http://www.php.net/ChangeLog-5.php#5.2.5 CONFIRM:http://www.php.net/releases/5_2_5.php CONFIRM:http://www.php.net/ChangeLog-4.php CONFIRM:http://www.php.net/releases/4_4_8.php CONFIRM:http://docs.info.apple.com/article.html?artnum=307562 APPLE:APPLE-SA-2008-03-18 URL:http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html GENTOO:GLSA-200710-02 URL:http://www.gentoo.org/security/en/glsa/glsa-200710-02.xml HP:HPSBUX02308 URL:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01345501 HP:SSRT080010 URL:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01345501 HP:HPSBUX02332 URL:http://www.securityfocus.com/archive/1/491693/100/0/threaded HP:SSRT080056 URL:http://www.securityfocus.com/archive/1/491693/100/0/threaded SLACKWARE:SSA:2008-045-03 URL:http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.335136 TRUSTIX:2007-0026 URL:http://www.trustix.org/errata/2007/0026/ BID:24661 URL:http://www.securityfocus.com/bid/24661 BID:25498 URL:http://www.securityfocus.com/bid/25498 OVAL:oval:org.mitre.oval:def:6056 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6056 VUPEN:ADV-2007-3023 URL:http://www.vupen.com/english/advisories/2007/3023 VUPEN:ADV-2008-0398 URL:http://www.vupen.com/english/advisories/2008/0398 VUPEN:ADV-2008-0924 URL:http://www.vupen.com/english/advisories/2008/0924/references OSVDB:38682 URL:http://www.osvdb.org/38682 SECUNIA:26642 URL:http://secunia.com/advisories/26642 SECUNIA:26822 URL:http://secunia.com/advisories/26822 SECUNIA:26838 URL:http://secunia.com/advisories/26838 SECUNIA:27377 URL:http://secunia.com/advisories/27377 SECUNIA:27102 URL:http://secunia.com/advisories/27102 SECUNIA:27648 URL:http://secunia.com/advisories/27648 SECUNIA:28318 URL:http://secunia.com/advisories/28318 SECUNIA:28750 URL:http://secunia.com/advisories/28750 SECUNIA:28936 URL:http://secunia.com/advisories/28936 SECUNIA:29420 URL:http://secunia.com/advisories/29420 SECUNIA:30040 URL:http://secunia.com/advisories/30040 SREASON:2831 URL:http://securityreason.com/securityalert/2831 SREASON:3389 URL:http://securityreason.com/securityalert/3389 VUPEN:ADV-2008-0059 URL:http://www.vupen.com/english/advisories/2008/0059 XF:php-htaccess-security-bypass(35102) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/35102 XF:php-sessionsavepath-errorlog-security-bypass(39403) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/39403
Assigning CNA
N/A
Date Entry Created
20070625	Disclaimer: The entry creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20070625)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an entry on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: cve@mitre.org

Use of the Common Vulnerabilities and Exposures (CVE®) List and the associated references from this website are subject to the terms of use. CVE is sponsored by US-CERT in the office of Cybersecurity and Communications at the U.S. Department of Homeland Security. Copyright © 1999–2018, The MITRE Corporation. CVE and the CVE logo are registered trademarks of The MITRE Corporation. For more information, please contact us.