Date: Fri, 04 Dec 2009 01:27:50 +0100
From: Maksymilian Arciemowicz <>
Subject: PHP 5.3.1 open_basedir bypass


In the PHP 5.3.1 security changelog, we can read that the safe_mode bypass in
tempnam() has already been fixed. But safe_mode in the 5.3 line is
deprecated. We can understand a security fix for an open_basedir bypass, but
not for safe_mode in 5.3.
Annoying is the fact that an exploit to bypass open_basedir or safe_mode
in PHP 5.3.1 is available in

We can use the symlink trick like in

The issue has been reported to PHP, but did not obtain a meaningful
A very similar issue was reported in October 2006 by Stefan Esser

This issue has been fixed.
A small difference with this one is that we need to create fake directories

Best Regards,
pub   1024D/A6986BD6 2008-08-22
uid                  Maksymilian Arciemowicz (cxib)
sub   4096g/0889FA9A 2008-08-22
