Description

The posix_mkfifo function in ext/posix/posix.c in PHP before 5.2.12 and 5.3.x before 5.3.1 allows context-dependent attackers to bypass open_basedir restrictions, and create FIFO files, via the pathname and mode arguments, as demonstrated by creating a .htaccess file.

Remediation

References

CVE-2009-3558

Related Vulnerabilities

WordPress Plugin wp audio gallery playlist 'playlist.php' SQL Injection (0.12)

Apache Traffic Server Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2014-10022)

Drupal Core 9.2.x Security Bypass (9.2.0 - 9.2.20)

WordPress Plugin Cms Pack TimThumb Arbitrary File Upload (1.3)

WordPress Plugin All-in-One WP Migration Arbitrary File Upload (7.40)

Severity

Medium

Classification

CVE-2009-3558 CWE-264

Tags

Missing Update Known Vulnerabilities