FreeBSD : php -- input validation error in safe_mode (ee6fa2bd-406a-11dd-936a-0015af872849)
Medium Nessus Plugin ID 34089
Synopsis
The remote FreeBSD host is missing a security-related update.
Description
According to Maksymilian Arciemowicz's research, it is possible to bypass the security restrictions of safe_mode in various functions via a directory traversal vulnerability. An attacker can use this attack to gain access to sensitive information. Functions utilizing expand_filepath() may be affected.
It should be noted that this vulnerability is not considered to be serious by the FreeBSD Security Team, since safe_mode and open_basedir are insecure by design and should not be relied upon.
Solution
Update the affected package.