From: y dot le dot ny at ifrance dot com Operating system: All (Linux and Sun Solaris) PHP version: 5.2.9 PHP Bug Type: cURL related Bug description: In PHP 5.2.9, curl php module bypass safe_mode & open_basedir security features
Description: ------------ There is a big security problem with CURL module in PHP 5.2.9. I use the latest stable release PHP 5.2.9 and the latest stable release Curl 7.19.4 on Redhat Enterprise Linux 3 and 4, on Sun Solaris 8 and 10 and I can reproduce the exploit that is explained at this URL : http://securityreason.com/achievement_securityalert/61 Please find the problem and patch php curl module 's code source here : http://cvs.php.net/viewvc.cgi/php-src/ext/curl/ Reproduce code: --------------- http://securityreason.com/achievement_securityalert/61 -- Edit bug report at http://bugs.php.net/?id=48036&edit=1 -- Try a CVS snapshot (PHP 5.2): http://bugs.php.net/fix.php?id=48036&r=trysnapshot52 Try a CVS snapshot (PHP 5.3): http://bugs.php.net/fix.php?id=48036&r=trysnapshot53 Try a CVS snapshot (PHP 6.0): http://bugs.php.net/fix.php?id=48036&r=trysnapshot60 Fixed in CVS: http://bugs.php.net/fix.php?id=48036&r=fixedcvs Fixed in CVS and need be documented: http://bugs.php.net/fix.php?id=48036&r=needdocs Fixed in release: http://bugs.php.net/fix.php?id=48036&r=alreadyfixed Need backtrace: http://bugs.php.net/fix.php?id=48036&r=needtrace Need Reproduce Script: http://bugs.php.net/fix.php?id=48036&r=needscript Try newer version: http://bugs.php.net/fix.php?id=48036&r=oldversion Not developer issue: http://bugs.php.net/fix.php?id=48036&r=support Expected behavior: http://bugs.php.net/fix.php?id=48036&r=notwrong Not enough info: http://bugs.php.net/fix.php?id=48036&r=notenoughinfo Submitted twice: http://bugs.php.net/fix.php?id=48036&r=submittedtwice register_globals: http://bugs.php.net/fix.php?id=48036&r=globals PHP 4 support discontinued: http://bugs.php.net/fix.php?id=48036&r=php4 Daylight Savings: http://bugs.php.net/fix.php?id=48036&r=dst IIS Stability: http://bugs.php.net/fix.php?id=48036&r=isapi Install GNU Sed: http://bugs.php.net/fix.php?id=48036&r=gnused Floating point limitations: http://bugs.php.net/fix.php?id=48036&r=float No Zend Extensions: http://bugs.php.net/fix.php?id=48036&r=nozend MySQL Configuration Error: http://bugs.php.net/fix.php?id=48036&r=mysqlcfg