CVE-2010-1129
PHP < 5.2.13 - Directory Access Restriction Bypass via tempnam Function
Title source: llmDescription
The safe_mode implementation in PHP before 5.2.13 does not properly handle directory pathnames that lack a trailing / (slash) character, which allows context-dependent attackers to bypass intended access restrictions via vectors related to use of the tempnam function.
References (11)
Core 11
Core References
Various Sources vendor-advisory
x_refsource_hp
http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02286083
Vendor Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2010/0479
Patch x_refsource_confirm
http://www.php.net/releases/5_2_13.php
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/40551
Mailing List vendor-advisory
x_refsource_apple
http://lists.apple.com/archives/security-announce/2010//Aug/msg00003.html
Vendor Advisory x_refsource_confirm
http://www.php.net/ChangeLog-5.php
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/38708
Vendor Advisory x_refsource_confirm
http://support.apple.com/kb/HT4312
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://securitytracker.com/id?1023661
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2010/1796
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/38431
Scores
EPSS
0.0186
EPSS Percentile
83.3%
Details
CWE
CWE-20
Status
published
Products (13)
php/php
5.2.0
php/php
5.2.1
php/php
5.2.2
php/php
5.2.3
php/php
5.2.4
php/php
5.2.5
php/php
5.2.6
php/php
5.2.7
php/php
5.2.8
php/php
5.2.9
... and 3 more
Published
Mar 26, 2010
Tracked Since
Feb 18, 2026