php
- Author: Miklos Vajna
- Vulnerable: 5.3.1-2
- Unaffected: 5.3.2-1locris1
Two vulnerabilities have been reported in PHP, which can be exploited by malicious users to bypass certain security restrictions.
- An error in the session extension can be exploited to bypass the “safe_mode” and “open_basedir” features.
- A validation error exists within the “tempnam()” function, which can be exploited to bypass the “safe_mode” feature.

A NULL pointer dereference has been reported in the xmlrpc extension, in a call to estrdup(). This bug can at least be used to perform DoS attacks.

- Bug Tracker URL: http://bugs.frugalware.org/task/4165