PHP < 4.3.3 php_check_safe_mode_include_dir Function Safemode Bypass

medium Nessus Plugin ID 11807

Synopsis

Arbitrary files may be read on the remote host.

Description

According to its banner, the version of PHP 4.3.x installed on the remote host is prior to 4.3.2. It is, therefore, potentially affected by an information disclosure vulnerability.

Due to a flaw in the function php_check_safe_mode_include_dir(), a local attacker could bypass safe mode and gain unauthorized access to files on the local system.

Solution

Upgrade to PHP 4.3.3 or later.

Plugin Details

Severity: Medium

ID: 11807

File Name: php_4_3_x_safe_mode_include.nasl

Version: 1.24

Type: remote

Family: CGI abuses

Published: 7/25/2003

Updated: 5/28/2024

Configuration: Enable thorough checks

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.0

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.9

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Information

CPE: cpe:/a:php:php

Required KB Items: www/PHP

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Ease: No exploit is required

Patch Publication Date: 8/25/2003

Vulnerability Publication Date: 7/16/2003

Reference Information

CVE: CVE-2003-0863

BID: 8201