#48036 [NEW]: In PHP 5.2.9, curl php module bypass safe_mode & open_basedir security features

Tue, 21 Apr 2009 05:37:05 -0700 

From:             y dot le dot ny at ifrance dot com
Operating system: All (Linux and Sun Solaris)
PHP version:      5.2.9
PHP Bug Type:     cURL related
Bug description:  In PHP 5.2.9, curl php module bypass safe_mode & open_basedir 
security features

Description:
------------
There is a big security problem with CURL module in PHP 5.2.9.

I use the latest stable release PHP 5.2.9 and the latest stable release
Curl 7.19.4 on Redhat Enterprise Linux 3 and 4, on Sun Solaris 8 and 10 and
I can reproduce the exploit that is explained at this URL :
http://securityreason.com/achievement_securityalert/61

Please find the problem and patch php curl module 's code source here :
http://cvs.php.net/viewvc.cgi/php-src/ext/curl/ 

Reproduce code:
---------------
http://securityreason.com/achievement_securityalert/61


-- 
Edit bug report at http://bugs.php.net/?id=48036&edit=1
-- 
Try a CVS snapshot (PHP 5.2):        
http://bugs.php.net/fix.php?id=48036&r=trysnapshot52
Try a CVS snapshot (PHP 5.3):        
http://bugs.php.net/fix.php?id=48036&r=trysnapshot53
Try a CVS snapshot (PHP 6.0):        
http://bugs.php.net/fix.php?id=48036&r=trysnapshot60
Fixed in CVS:                        
http://bugs.php.net/fix.php?id=48036&r=fixedcvs
Fixed in CVS and need be documented: 
http://bugs.php.net/fix.php?id=48036&r=needdocs
Fixed in release:                    
http://bugs.php.net/fix.php?id=48036&r=alreadyfixed
Need backtrace:                      
http://bugs.php.net/fix.php?id=48036&r=needtrace
Need Reproduce Script:               
http://bugs.php.net/fix.php?id=48036&r=needscript
Try newer version:                   
http://bugs.php.net/fix.php?id=48036&r=oldversion
Not developer issue:                 
http://bugs.php.net/fix.php?id=48036&r=support
Expected behavior:                   
http://bugs.php.net/fix.php?id=48036&r=notwrong
Not enough info:                     
http://bugs.php.net/fix.php?id=48036&r=notenoughinfo
Submitted twice:                     
http://bugs.php.net/fix.php?id=48036&r=submittedtwice
register_globals:                    
http://bugs.php.net/fix.php?id=48036&r=globals
PHP 4 support discontinued:          http://bugs.php.net/fix.php?id=48036&r=php4
Daylight Savings:                    http://bugs.php.net/fix.php?id=48036&r=dst
IIS Stability:                       
http://bugs.php.net/fix.php?id=48036&r=isapi
Install GNU Sed:                     
http://bugs.php.net/fix.php?id=48036&r=gnused
Floating point limitations:          
http://bugs.php.net/fix.php?id=48036&r=float
No Zend Extensions:                  
http://bugs.php.net/fix.php?id=48036&r=nozend
MySQL Configuration Error:           
http://bugs.php.net/fix.php?id=48036&r=mysqlcfg

Reply via email to