Vulnerability Name:

CVE-2009-3558 (CCN-53568)

Assigned:2009-09-30
Published:2009-09-30
Updated:2018-10-30
Summary:The posix_mkfifo function in ext/posix/posix.c in PHP before 5.2.12 and 5.3.x before 5.3.1 allows context-dependent attackers to bypass open_basedir restrictions, and create FIFO files, via the pathname and mode arguments, as demonstrated by creating a .htaccess file.
Access Complexity selected medium according to the information from X-force link regarding enabling "open_basedir" option.

http://xforce.iss.net/xforce/xfdb/53568



CVSS v3 Severity:5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): Low
Availibility (A): None
CVSS v2 Severity:6.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
5.2 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:U/RL:TF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
4.3 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
3.3 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:U/RL:TF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Athentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): None
Vulnerability Type:CWE-264
Vulnerability Consequences:Bypass Security
References:Source: MITRE
Type: CNA
CVE-2009-3558

Source: APPLE
Type: UNKNOWN
APPLE-SA-2010-03-29-1

Source: MLIST
Type: UNKNOWN
[php-announce] 20091119 5.3.1 Release announcement

Source: CCN
Type: SA37412
PHP Multiple Vulnerabilities

Source: SECUNIA
Type: Vendor Advisory
37412

Source: CCN
Type: SA37821
PHP Multiple Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
37821

Source: CCN
Type: SecurityReason SecurityAlert : 6600
PHP 5.3.0 5.2.11 posix_mkfifo() open_basedir bypass

Source: SREASON
Type: Exploit
6600

Source: CCN
Type: Apple Web site
About the security content of Security Update 2010-002 / Mac OS X v10.6.3

Source: CONFIRM
Type: UNKNOWN
http://support.apple.com/kb/HT4077

Source: CONFIRM
Type: UNKNOWN
http://svn.php.net/viewvc/php/php-src/branches/PHP_5_2/ext/posix/posix.c?view=log

Source: CCN
Type: SVN Repository
PHP

Source: CONFIRM
Type: UNKNOWN
http://svn.php.net/viewvc/php/php-src/branches/PHP_5_3/ext/posix/posix.c?view=log

Source: CONFIRM
Type: Patch
http://svn.php.net/viewvc?view=revision&revision=288943

Source: CCN
Type: GLSA-201001-03
PHP: Multiple vulnerabilities

Source: MANDRIVA
Type: UNKNOWN
MDVSA-2009:285

Source: MANDRIVA
Type: UNKNOWN
MDVSA-2009:302

Source: MANDRIVA
Type: UNKNOWN
MDVSA-2009:303

Source: MLIST
Type: Patch
[oss-security] 20091120 CVE request: php 5.3.1 update

Source: MLIST
Type: Patch
[oss-security] 20091120 Re: CVE request: php 5.3.1 update

Source: MLIST
Type: Patch
[oss-security] 20091120 Re: CVE request: php 5.3.1 update

Source: CCN
Type: OSVDB ID: 60435
PHP ext/posix/posix.c posix_mkfifo() Function open_basedir Bypass

Source: CCN
Type: PHP Web site
PHP: Hypertext Preprocessor

Source: CONFIRM
Type: UNKNOWN
http://www.php.net/ChangeLog-5.php

Source: CONFIRM
Type: UNKNOWN
http://www.php.net/releases/5_2_12.php

Source: CONFIRM
Type: UNKNOWN
http://www.php.net/releases/5_3_1.php

Source: CCN
Type: BID-36554
PHP 'posix_mkfifo()' 'open_basedir' Restriction Bypass Vulnerability

Source: CCN
Type: USN-862-1
php5 vulnerabilities

Source: VUPEN
Type: UNKNOWN
ADV-2009-3593

Source: XF
Type: UNKNOWN
php-posixmkfifo-security-bypass(53568)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:php:php:1.0.0:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:2.0:*:*:*:*:*:*:*
  • OR cpe:/a:php:php:2.0b10:*:*:*:*:*:*:*
  • OR cpe:/a:php:php:3.0:*:*:*:*:*:*:*
  • OR cpe:/a:php:php:3.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:php:php:3.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:php:php:3.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:php:php:3.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:php:php:3.0.5:*:*:*:*:*:*:*
  • OR cpe:/a:php:php:3.0.6:*:*:*:*:*:*:*
  • OR cpe:/a:php:php:3.0.7:*:*:*:*:*:*:*
  • OR cpe:/a:php:php:3.0.8:*:*:*:*:*:*:*
  • OR cpe:/a:php:php:3.0.9:*:*:*:*:*:*:*
  • OR cpe:/a:php:php:3.0.10:*:*:*:*:*:*:*
  • OR cpe:/a:php:php:3.0.11:*:*:*:*:*:*:*
  • OR cpe:/a:php:php:3.0.12:*:*:*:*:*:*:*
  • OR cpe:/a:php:php:3.0.13:*:*:*:*:*:*:*
  • OR cpe:/a:php:php:3.0.14:*:*:*:*:*:*:*
  • OR cpe:/a:php:php:3.0.15:*:*:*:*:*:*:*
  • OR cpe:/a:php:php:3.0.16:*:*:*:*:*:*:*
  • OR cpe:/a:php:php:3.0.17:*:*:*:*:*:*:*
  • OR cpe:/a:php:php:3.0.18:*:*:*:*:*:*:*
  • OR cpe:/a:php:php:4.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:php:php:4.0:beta1:*:*:*:*:*:*
  • OR cpe:/a:php:php:4.0:beta2:*:*:*:*:*:*
  • OR cpe:/a:php:php:4.0:beta3:*:*:*:*:*:*
  • OR cpe:/a:php:php:4.0:beta4:*:*:*:*:*:*
  • OR cpe:/a:php:php:4.0:beta_4_patch1:*:*:*:*:*:*
  • OR cpe:/a:php:php:4.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:php:php:4.0.1:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:4.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:php:php:4.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:php:php:4.0.4:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:4.0.5:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:4.0.6:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:4.0.7:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:4.1.0:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:4.1.1:*:*:*:*:*:*:*
  • OR cpe:/a:php:php:4.1.2:*:*:*:*:*:*:*
  • OR cpe:/a:php:php:4.2.0:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:4.2.1:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:4.2.2:*:*:*:*:*:*:*
  • OR cpe:/a:php:php:4.2.3:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:4.3.0:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:4.3.1:*:*:*:*:*:*:*
  • OR cpe:/a:php:php:4.3.2:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:4.3.7:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:4.3.10:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:4.3.11:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:4.4.2:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:4.4.7:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:4.4.8:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:4.4.9:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.0.0:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.0.0:beta4:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.0.3:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.1.1:*:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.2.1:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.2.5:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.2.6:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:*:*:*:*:*:*:*:* (Version <= 5.2.10)
  • OR cpe:/a:php:php:5.3.0:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:php:php:5.2.0:*:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.2.1:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.2.3:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.2.2:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.2.4:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.2.5:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.2.6:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.2.7:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.2.8:*:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.2.9:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.2.10:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.2.11:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.3.0:*:*:*:*:*:*:*
  • AND
  • cpe:/o:gentoo:linux:*:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:*:*:*:*:*:*
  • OR cpe:/a:mandrakesoft:mandrake_multi_network_firewall:2.0:*:*:*:*:*:*:*
  • OR cpe:/o:canonical:ubuntu:6.06:*:lts:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0:*:x86_64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:x86_64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2008.0:*:x86-64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2008.0:*:*:*:*:*:*:*
  • OR cpe:/o:canonical:ubuntu:8.04:*:lts:*:*:*:*:*
  • OR cpe:/o:mandriva:linux:2009.0:*:*:*:*:*:*:*
  • OR cpe:/o:mandriva:linux:2009.0:-:x86_64:*:*:*:*:*
  • OR cpe:/o:mandriva:linux:2009.1:*:*:*:*:*:*:*
  • OR cpe:/o:mandriva:linux:2009.1:*:*:*:x86_64:*:*:*
  • OR cpe:/o:apple:mac_os_x_server:10.6:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:10.6:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x_server:10.6.1:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:10.6.1:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x_server:10.6.2:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:10.6.2:*:*:*:*:*:*:*
  • OR cpe:/o:mandriva:enterprise_server:5:*:*:*:*:*:*:*
  • OR cpe:/o:mandriva:enterprise_server:5:*:*:*:x86_64:*:*:*
  • OR cpe:/o:mandriva:linux:2010:*:*:*:x86_64:*:*:*
  • OR cpe:/o:mandriva:linux:2010:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.mitre.oval:def:13706
    P
    		USN-862-1 -- php5 vulnerabilities
    2014-06-30
    BACK
    php php 1.0
    php php 2.0
    php php 2.0b10
    php php 3.0
    php php 3.0.1
    php php 3.0.2
    php php 3.0.3
    php php 3.0.4
    php php 3.0.5
    php php 3.0.6
    php php 3.0.7
    php php 3.0.8
    php php 3.0.9
    php php 3.0.10
    php php 3.0.11
    php php 3.0.12
    php php 3.0.13
    php php 3.0.14
    php php 3.0.15
    php php 3.0.16
    php php 3.0.17
    php php 3.0.18
    php php 4.0
    php php 4.0 beta1
    php php 4.0 beta2
    php php 4.0 beta3
    php php 4.0 beta4
    php php 4.0 beta_4_patch1
    php php 4.0.0
    php php 4.0.1
    php php 4.0.2
    php php 4.0.3
    php php 4.0.4
    php php 4.0.5
    php php 4.0.6
    php php 4.0.7
    php php 4.1.0
    php php 4.1.1
    php php 4.1.2
    php php 4.2.0
    php php 4.2.1
    php php 4.2.2
    php php 4.2.3
    php php 4.3.0
    php php 4.3.1
    php php 4.3.2
    php php 4.3.7
    php php 4.3.10
    php php 4.3.11
    php php 4.4.2
    php php 4.4.7
    php php 4.4.8
    php php 4.4.9
    php php 5.0.0
    php php 5.0.0 beta4
    php php 5.0.3
    php php 5.1.1
    php php 5.2.1
    php php 5.2.5
    php php 5.2.6
    php php *
    php php 5.3.0
    php php 5.2.0
    php php 5.2.1 -
    php php 5.2.3 -
    php php 5.2.2 -
    php php 5.2.4 -
    php php 5.2.5 -
    php php 5.2.6 -
    php php 5.2.7 -
    php php 5.2.8
    php php 5.2.9 -
    php php 5.2.10 -
    php php 5.2.11 -
    php php 5.3.0
    gentoo linux *
    mandrakesoft mandrake linux corporate server 3.0
    mandrakesoft mandrake multi network firewall 2.0
    canonical ubuntu 6.06
    mandrakesoft mandrake linux corporate server 4.0
    mandrakesoft mandrake linux corporate server 4.0
    mandrakesoft mandrake linux corporate server 3.0
    mandrakesoft mandrake linux 2008.0
    mandrakesoft mandrake linux 2008.0
    canonical ubuntu 8.04
    mandriva linux 2009.0
    mandriva linux 2009.0 -
    mandriva linux 2009.1
    mandriva linux 2009.1
    apple mac os x server 10.6
    apple mac os x 10.6
    apple mac os x server 10.6.1
    apple mac os x 10.6.1
    apple mac os x server 10.6.2
    apple mac os x 10.6.2
    mandriva enterprise server 5
    mandriva enterprise server 5
    mandriva linux 2010
    mandriva linux 2010