Executive Summary

Informations
Name CVE-2009-3558 First vendor Publication 2009-11-23
Vendor Cve Last vendor Modification 2018-10-30

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:P/I:P/A:P)
Cvss Base Score 6.8 Attack Range Network
Cvss Impact Score 6.4 Attack Complexity Medium
Cvss Expoit Score 8.6 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

The posix_mkfifo function in ext/posix/posix.c in PHP before 5.2.12 and 5.3.x before 5.3.1 allows context-dependent attackers to bypass open_basedir restrictions, and create FIFO files, via the pathname and mode arguments, as demonstrated by creating a .htaccess file.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3558

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-264 Permissions, Privileges, and Access Controls

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 322

OpenVAS Exploits

Date Description
2010-05-12 Name : Mac OS X 10.6.3 Update / Mac OS X Security Update 2010-002
File : nvt/macosx_upd_10_6_3_secupd_2010-002.nasl
2010-01-07 Name : Gentoo Security Advisory GLSA 201001-03 (php)
File : nvt/glsa_201001_03.nasl
2009-12-30 Name : FreeBSD Ports: php5
File : nvt/freebsd_php56.nasl
2009-12-10 Name : Mandriva Security Advisory MDVSA-2009:324 (php)
File : nvt/mdksa_2009_324.nasl
2009-12-03 Name : Mandriva Security Advisory MDVSA-2009:303 (php)
File : nvt/mdksa_2009_303.nasl
2009-12-03 Name : Ubuntu USN-862-1 (php5)
File : nvt/ubuntu_862_1.nasl
2009-10-27 Name : Mandrake Security Advisory MDVSA-2009:285 (php)
File : nvt/mdksa_2009_285.nasl
0000-00-00 Name : Slackware Advisory SSA:2010-024-02 php
File : nvt/esoft_slk_ssa_2010_024_02.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
60435 PHP ext/posix/posix.c posix_mkfifo() Function open_basedir Bypass

Nessus® Vulnerability Scanner

Date Description
2010-07-30 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2009-302.nasl - Type : ACT_GATHER_INFO
2010-07-30 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2009-303.nasl - Type : ACT_GATHER_INFO
2010-03-29 Name : The remote host is missing a Mac OS X update that fixes various security issues.
File : macosx_10_6_3.nasl - Type : ACT_GATHER_INFO
2010-03-29 Name : The remote host is missing a Mac OS X update that fixes various security issues.
File : macosx_SecUpd2010-002.nasl - Type : ACT_GATHER_INFO
2010-02-25 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201001-03.nasl - Type : ACT_GATHER_INFO
2010-01-25 Name : The remote Slackware host is missing a security update.
File : Slackware_SSA_2010-024-02.nasl - Type : ACT_GATHER_INFO
2009-12-18 Name : The remote FreeBSD host is missing a security-related update.
File : freebsd_pkg_39a25a63eb5c11deb65000215c6a37bb.nasl - Type : ACT_GATHER_INFO
2009-12-18 Name : The remote web server uses a version of PHP that is affected by multiple flaws.
File : php_5_2_12.nasl - Type : ACT_GATHER_INFO
2009-12-08 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2009-324.nasl - Type : ACT_GATHER_INFO
2009-11-30 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-862-1.nasl - Type : ACT_GATHER_INFO
2009-10-22 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2009-285.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

Source Url
APPLE http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html
CONFIRM http://support.apple.com/kb/HT4077
http://svn.php.net/viewvc?view=revision&revision=288943
http://svn.php.net/viewvc/php/php-src/branches/PHP_5_2/ext/posix/posix.c?view...
http://svn.php.net/viewvc/php/php-src/branches/PHP_5_3/ext/posix/posix.c?view...
http://www.php.net/ChangeLog-5.php
http://www.php.net/releases/5_2_12.php
http://www.php.net/releases/5_3_1.php
MANDRIVA http://www.mandriva.com/security/advisories?name=MDVSA-2009:285
http://www.mandriva.com/security/advisories?name=MDVSA-2009:302
http://www.mandriva.com/security/advisories?name=MDVSA-2009:303
MLIST http://news.php.net/php.announce/79
http://www.openwall.com/lists/oss-security/2009/11/20/2
http://www.openwall.com/lists/oss-security/2009/11/20/3
http://www.openwall.com/lists/oss-security/2009/11/20/5
SECUNIA http://secunia.com/advisories/37412
http://secunia.com/advisories/37821
SREASON http://securityreason.com/securityalert/6600
VUPEN http://www.vupen.com/english/advisories/2009/3593

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
Date Informations
2024-02-02 01:11:44
  • Multiple Updates
2024-02-01 12:03:16
  • Multiple Updates
2023-09-05 12:10:59
  • Multiple Updates
2023-09-05 01:03:07
  • Multiple Updates
2023-09-02 12:11:05
  • Multiple Updates
2023-09-02 01:03:09
  • Multiple Updates
2023-08-12 12:13:02
  • Multiple Updates
2023-08-12 01:03:08
  • Multiple Updates
2023-08-11 12:11:07
  • Multiple Updates
2023-08-11 01:03:16
  • Multiple Updates
2023-08-06 12:10:42
  • Multiple Updates
2023-08-06 01:03:10
  • Multiple Updates
2023-08-04 12:10:47
  • Multiple Updates
2023-08-04 01:03:12
  • Multiple Updates
2023-07-14 12:10:44
  • Multiple Updates
2023-07-14 01:03:10
  • Multiple Updates
2023-03-29 01:12:18
  • Multiple Updates
2023-03-28 12:03:16
  • Multiple Updates
2022-10-11 12:09:34
  • Multiple Updates
2022-10-11 01:02:59
  • Multiple Updates
2021-05-04 12:10:17
  • Multiple Updates
2021-04-22 01:10:43
  • Multiple Updates
2020-05-23 01:40:57
  • Multiple Updates
2020-05-23 00:24:25
  • Multiple Updates
2019-06-08 12:02:58
  • Multiple Updates
2018-10-31 00:19:59
  • Multiple Updates
2018-10-04 12:05:27
  • Multiple Updates
2016-10-29 01:00:42
  • Multiple Updates
2016-06-28 17:51:27
  • Multiple Updates
2016-04-26 19:10:58
  • Multiple Updates
2014-02-17 10:51:54
  • Multiple Updates
2013-05-10 23:58:51
  • Multiple Updates