Vulnerability Name:

CVE-2006-3011 (CCN-27414)

Assigned:2006-06-25
Published:2006-06-25
Updated:2017-07-20
Summary:The error_log function in basic_functions.c in PHP before 4.4.4 and 5.x before 5.1.5 allows local users to bypass safe mode and open_basedir restrictions via a "php://" or other scheme in the third argument, which disables safe mode.
CVSS v3 Severity:5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): None
Availibility (A): None
CVSS v2 Severity:4.6 Medium (CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P)
3.6 Low (Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)
3.9 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N/E:POC/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): None
Availibility (A): None
Vulnerability Type:CWE-264
Vulnerability Consequences:Bypass Security
References:Source: CCN
Type: Full-Disclosure Mailing List, Sun Jun 25 2006 - 18:10:48 CDT
error_log() Safe Mode Bypass PHP 5.1.4 and 4.4.2

Source: MITRE
Type: CNA
CVE-2006-3011

Source: CONFIRM
Type: UNKNOWN
http://cvs.php.net/viewvc.cgi/php-src/ext/standard/basic_functions.c?diff_format=u&view=log&pathrev=PHP_4_4

Source: CONFIRM
Type: UNKNOWN
http://cvs.php.net/viewvc.cgi/php-src/ext/standard/basic_functions.c?r1=1.543.2.51.2.9&r2=1.543.2.51.2.10&pathrev=PHP_4_4&diff_format=u

Source: CCN
Type: SA20818
PHP "error_log()" Safe Mode Bypass Weakness

Source: SECUNIA
Type: Vendor Advisory
20818

Source: SECUNIA
Type: Vendor Advisory
21050

Source: SECUNIA
Type: Vendor Advisory
21125

Source: CCN
Type: SA21546
PHP Multiple Vulnerabilities

Source: SECUNIA
Type: Patch, Vendor Advisory
21546

Source: SREASONRES
Type: Exploit
20060625 error_log() Safe Mode Bypass PHP 5.1.4 and 4.4.2

Source: SREASON
Type: UNKNOWN
1129

Source: CCN
Type: SECTRACK ID: 1016377
PHP error_log() Function Lets Users Bypass Safe Mode File Access Restrictions

Source: SECTRACK
Type: UNKNOWN
1016377

Source: MANDRIVA
Type: UNKNOWN
MDKSA-2006:122

Source: OSVDB
Type: UNKNOWN
26827

Source: CCN
Type: OSVDB ID: 26827
PHP error_log() Third Argument Safe Mode Bypass

Source: CCN
Type: OSVDB ID: 28006
PHP error_log() Function open_basedir/safe_mode Bypass

Source: CCN
Type: The PHP Group Web site
PHP 4.4.3. Release Announcement

Source: CONFIRM
Type: UNKNOWN
http://www.php.net/release_5_1_5.php

Source: BID
Type: UNKNOWN
18645

Source: CCN
Type: BID-18645
PHP Error_Log Safe_Mode Restriction-Bypass Vulnerability

Source: CCN
Type: USN-320-1
PHP vulnerabilities

Source: UBUNTU
Type: UNKNOWN
USN-320-1

Source: CCN
Type: USN-320-2
PHP regression

Source: VUPEN
Type: Vendor Advisory
ADV-2006-2523

Source: XF
Type: UNKNOWN
php-errorlog-safe-mode-bypass(27414)

Source: XF
Type: UNKNOWN
php-errorlog-safe-mode-bypass(27414)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:php:php:1.0.0:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:2.0:*:*:*:*:*:*:*
  • OR cpe:/a:php:php:2.0b10:*:*:*:*:*:*:*
  • OR cpe:/a:php:php:3.0:*:*:*:*:*:*:*
  • OR cpe:/a:php:php:3.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:php:php:3.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:php:php:3.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:php:php:3.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:php:php:3.0.5:*:*:*:*:*:*:*
  • OR cpe:/a:php:php:3.0.6:*:*:*:*:*:*:*
  • OR cpe:/a:php:php:3.0.7:*:*:*:*:*:*:*
  • OR cpe:/a:php:php:3.0.8:*:*:*:*:*:*:*
  • OR cpe:/a:php:php:3.0.9:*:*:*:*:*:*:*
  • OR cpe:/a:php:php:3.0.10:*:*:*:*:*:*:*
  • OR cpe:/a:php:php:3.0.11:*:*:*:*:*:*:*
  • OR cpe:/a:php:php:3.0.12:*:*:*:*:*:*:*
  • OR cpe:/a:php:php:3.0.13:*:*:*:*:*:*:*
  • OR cpe:/a:php:php:3.0.14:*:*:*:*:*:*:*
  • OR cpe:/a:php:php:3.0.15:*:*:*:*:*:*:*
  • OR cpe:/a:php:php:3.0.16:*:*:*:*:*:*:*
  • OR cpe:/a:php:php:3.0.17:*:*:*:*:*:*:*
  • OR cpe:/a:php:php:3.0.18:*:*:*:*:*:*:*
  • OR cpe:/a:php:php:4.0:beta1:*:*:*:*:*:*
  • OR cpe:/a:php:php:4.0:beta2:*:*:*:*:*:*
  • OR cpe:/a:php:php:4.0:beta3:*:*:*:*:*:*
  • OR cpe:/a:php:php:4.0:beta4:*:*:*:*:*:*
  • OR cpe:/a:php:php:4.0:beta_4_patch1:*:*:*:*:*:*
  • OR cpe:/a:php:php:4.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:php:php:4.0.1:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:4.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:php:php:4.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:php:php:4.0.4:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:4.0.5:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:4.0.6:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:4.0.7:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:4.1.0:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:4.1.1:*:*:*:*:*:*:*
  • OR cpe:/a:php:php:4.1.2:*:*:*:*:*:*:*
  • OR cpe:/a:php:php:4.2.0:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:4.2.1:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:4.2.2:*:*:*:*:*:*:*
  • OR cpe:/a:php:php:4.2.3:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:4.3.0:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:4.3.1:*:*:*:*:*:*:*
  • OR cpe:/a:php:php:4.3.2:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:4.3.3:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:4.3.4:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:4.3.5:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:4.3.6:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:4.3.7:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:4.3.8:*:*:*:*:*:*:*
  • OR cpe:/a:php:php:4.3.9:*:*:*:*:*:*:*
  • OR cpe:/a:php:php:4.3.10:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:4.3.11:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:4.4.0:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:4.4.1:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:4.4.2:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:*:*:*:*:*:*:*:* (Version <= 4.4.3)

    • Configuration 2:
  • cpe:/a:php:php:5.0.0:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.0.0:beta1:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.0.0:beta2:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.0.0:beta3:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.0.0:beta4:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.0.0:rc1:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.0.0:rc2:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.0.0:rc3:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.0.1:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.0.2:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.0.3:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.0.4:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.0.5:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.1.0:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.1.1:*:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.1.2:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.1.3:*:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.1.4:*:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.1.6:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:php:php:4.0.5:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:4.1.1:*:*:*:*:*:*:*
  • OR cpe:/a:php:php:4.2.0:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:4.2.1:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:4.2.3:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:4.2.2:*:*:*:*:*:*:*
  • OR cpe:/a:php:php:4.3.0:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:4.3.4:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:4.3.9:*:*:*:*:*:*:*
  • OR cpe:/a:php:php:4.3.10:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.0.3:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:4.3.11:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.0.4:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.0.0:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:4.4.0:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.0.5:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.1.1:*:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.1.2:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.1.4:*:*:*:*:*:*:*
  • OR cpe:/a:php:php:4.4.2:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:4.3.3:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.0.2:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:4.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:php:php:4.0.1:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:4.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:php:php:4.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:php:php:4.0.4:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:4.0.6:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:4.0.7:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:4.0:beta_4_patch1:*:*:*:*:*:*
  • OR cpe:/a:php:php:4.0:beta1:*:*:*:*:*:*
  • OR cpe:/a:php:php:4.0:beta2:*:*:*:*:*:*
  • OR cpe:/a:php:php:4.0:beta3:*:*:*:*:*:*
  • OR cpe:/a:php:php:4.0:beta4:*:*:*:*:*:*
  • OR cpe:/a:php:php:4.1.0:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:4.1.2:*:*:*:*:*:*:*
  • OR cpe:/a:php:php:4.3.1:*:*:*:*:*:*:*
  • OR cpe:/a:php:php:4.3.2:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:4.3.5:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:4.3.6:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:4.3.7:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:4.3.8:*:*:*:*:*:*:*
  • OR cpe:/a:php:php:4.4.1:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.0.0:beta1:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.0.0:beta2:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.0.0:beta3:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.0.0:beta4:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.0.0:rc1:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.0.0:rc2:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.0.0:rc3:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.0.1:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.1.0:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.1.3:*:*:*:*:*:*:*
  • OR cpe:/a:php:php:4.0:rc1:*:*:*:*:*:*
  • OR cpe:/a:php:php:4.0:rc2:*:*:*:*:*:*
  • AND
  • cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:*:*:*:*:*:*
  • OR cpe:/a:mandrakesoft:mandrake_multi_network_firewall:2.0:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2006:*:*:*:*:*:*:*
  • OR cpe:/o:canonical:ubuntu:6.06::lts:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2006::x86-64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0::x86_64:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    php php 1.0
    php php 2.0
    php php 2.0b10
    php php 3.0
    php php 3.0.1
    php php 3.0.2
    php php 3.0.3
    php php 3.0.4
    php php 3.0.5
    php php 3.0.6
    php php 3.0.7
    php php 3.0.8
    php php 3.0.9
    php php 3.0.10
    php php 3.0.11
    php php 3.0.12
    php php 3.0.13
    php php 3.0.14
    php php 3.0.15
    php php 3.0.16
    php php 3.0.17
    php php 3.0.18
    php php 4.0 beta1
    php php 4.0 beta2
    php php 4.0 beta3
    php php 4.0 beta4
    php php 4.0 beta_4_patch1
    php php 4.0.0
    php php 4.0.1
    php php 4.0.2
    php php 4.0.3
    php php 4.0.4
    php php 4.0.5
    php php 4.0.6
    php php 4.0.7
    php php 4.1.0
    php php 4.1.1
    php php 4.1.2
    php php 4.2.0
    php php 4.2.1
    php php 4.2.2
    php php 4.2.3
    php php 4.3.0
    php php 4.3.1
    php php 4.3.2
    php php 4.3.3
    php php 4.3.4
    php php 4.3.5
    php php 4.3.6
    php php 4.3.7
    php php 4.3.8
    php php 4.3.9
    php php 4.3.10
    php php 4.3.11
    php php 4.4.0
    php php 4.4.1
    php php 4.4.2
    php php *
    php php 5.0.0
    php php 5.0.0 beta1
    php php 5.0.0 beta2
    php php 5.0.0 beta3
    php php 5.0.0 beta4
    php php 5.0.0 rc1
    php php 5.0.0 rc2
    php php 5.0.0 rc3
    php php 5.0.1
    php php 5.0.2
    php php 5.0.3
    php php 5.0.4
    php php 5.0.5
    php php 5.1.0
    php php 5.1.1
    php php 5.1.2
    php php 5.1.3
    php php 5.1.4
    php php 5.1.6
    php php 4.0.5
    php php 4.1.1
    php php 4.2.0
    php php 4.2.1
    php php 4.2.3
    php php 4.2.2
    php php 4.3.0
    php php 4.3.4
    php php 4.3.9
    php php 4.3.10
    php php 5.0.3
    php php 4.3.11
    php php 5.0.4
    php php 5.0.0
    php php 4.4.0
    php php 5.0.5
    php php 5.1.1
    php php 5.1.2
    php php 5.1.4
    php php 4.4.2
    php php 4.3.3
    php php 5.0.2
    php php 4.0.0
    php php 4.0.1
    php php 4.0.2
    php php 4.0.3
    php php 4.0.4
    php php 4.0.6
    php php 4.0.7
    php php 4.0 beta_4_patch1
    php php 4.0 beta1
    php php 4.0 beta2
    php php 4.0 beta3
    php php 4.0 beta4
    php php 4.1.0
    php php 4.1.2
    php php 4.3.1
    php php 4.3.2
    php php 4.3.5
    php php 4.3.6
    php php 4.3.7
    php php 4.3.8
    php php 4.4.1
    php php 5.0.0 beta1
    php php 5.0.0 beta2
    php php 5.0.0 beta3
    php php 5.0.0 beta4
    php php 5.0.0 rc1
    php php 5.0.0 rc2
    php php 5.0.0 rc3
    php php 5.0.1
    php php 5.1.0
    php php 5.1.3
    php php 4.0 rc1
    php php 4.0 rc2
    mandrakesoft mandrake linux corporate server 3.0
    mandrakesoft mandrake multi network firewall 2.0
    mandrakesoft mandrake linux 2006
    canonical ubuntu 6.06
    mandrakesoft mandrake linux 2006
    mandrakesoft mandrake linux corporate server 3.0