CVE-2004-1064

PHP 4.0.0-4.3.9 and 5.0.0-5.0.2 - Safe Mode Bypass via Path Truncation


Description

The safe mode checks in PHP 4.x to 4.3.9 and PHP 5.x to 5.0.2 truncate the file path before passing the data to the realpath function, which could allow attackers to bypass safe mode. NOTE: this issue was originally REJECTed by its CNA before publication, but that decision is in active dispute. This candidate may change significantly in the future as a result of further discussion.

References (12)

Release Notes, Vendor Advisory (x_refsource_confirm): http://www.php.net/release_4_3_10.php
Third Party Advisory, vendor-advisory (x_refsource_mandrake): http://www.mandriva.com/security/advisories?name=MDKSA-2005:072
Third Party Advisory, VDB Entry, vdb-entry (x_refsource_bid): http://www.securityfocus.com/bid/11964
Third Party Advisory, vendor-advisory (x_refsource_mandrake): http://www.mandriva.com/security/advisories?name=MDKSA-2004:151
Third Party Advisory (x_refsource_misc): http://www.hardened-php.net/advisories/012004.txt
Third Party Advisory, VDB Entry, vdb-entry (x_refsource_xf): https://exchange.xforce.ibmcloud.com/vulnerabilities/18512
Broken Link, vendor-advisory (x_refsource_conectiva): http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000915
Third Party Advisory, vendor-advisory (x_refsource_gentoo): http://www.gentoo.org/security/en/glsa/glsa-200412-14.xml
Third Party Advisory, VDB Entry, mailing-list (x_refsource_bugtraq): http://www.securityfocus.com/archive/1/384545
Third Party Advisory, vendor-advisory (x_refsource_ubuntu): https://www.ubuntu.com/usn/usn-99-2/
Third Party Advisory, VDB Entry, vendor-advisory (x_refsource_hp): http://www.securityfocus.com/advisories/9028
Third Party Advisory, vendor-advisory (x_refsource_ubuntu): https://www.ubuntu.com/usn/usn-99-1/

Scores

EPSS 0.0173
EPSS Percentile 82.7%

Details

Status published
Products (2)
canonical/ubuntu_linux 4.10
php/php 4.0.0 - 4.3.9
Published Jan 10, 2005
Tracked Since Feb 18, 2026