From: info at flashman dot ru Operating system: Linux pr5 2.4.18-3 PHP version: 4.3.1 PHP Bug Type: Directory function related Bug description: vulnerability in mkdir and other unix-commands!
Description: ------------ php function mkdir allows hackers to execute various commands on the server. Some scripts need a directory name for user. They may enter '/www/somedir /usr/bin/wget ...' and command '/usr/bin/wget somethinghere' will be executed on the server without problems! It happens when php calls unix command mkdir. Regards, Flashman -- Edit bug report at http://bugs.php.net/?id=25315&edit=1 -- Try a CVS snapshot (php4): http://bugs.php.net/fix.php?id=25315&r=trysnapshot4 Try a CVS snapshot (php5): http://bugs.php.net/fix.php?id=25315&r=trysnapshot5 Fixed in CVS: http://bugs.php.net/fix.php?id=25315&r=fixedcvs Fixed in release: http://bugs.php.net/fix.php?id=25315&r=alreadyfixed Need backtrace: http://bugs.php.net/fix.php?id=25315&r=needtrace Try newer version: http://bugs.php.net/fix.php?id=25315&r=oldversion Not developer issue: http://bugs.php.net/fix.php?id=25315&r=support Expected behavior: http://bugs.php.net/fix.php?id=25315&r=notwrong Not enough info: http://bugs.php.net/fix.php?id=25315&r=notenoughinfo Submitted twice: http://bugs.php.net/fix.php?id=25315&r=submittedtwice register_globals: http://bugs.php.net/fix.php?id=25315&r=globals PHP 3 support discontinued: http://bugs.php.net/fix.php?id=25315&r=php3 Daylight Savings: http://bugs.php.net/fix.php?id=25315&r=dst IIS Stability: http://bugs.php.net/fix.php?id=25315&r=isapi Install GNU Sed: http://bugs.php.net/fix.php?id=25315&r=gnused
