CVE-2009-3558

Publication date 23 November 2009

Last updated 24 July 2024

Ubuntu priority

The posix_mkfifo function in ext/posix/posix.c in PHP before 5.2.12 and 5.3.x before 5.3.1 allows context-dependent attackers to bypass open_basedir restrictions, and create FIFO files, via the pathname and mode arguments, as demonstrated by creating a .htaccess file.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
php5	9.10 karmic	Fixed 5.2.10.dfsg.1-2ubuntu6.3
	9.04 jaunty	Fixed 5.2.6.dfsg.1-3ubuntu4.4
	8.10 intrepid	Fixed 5.2.6-2ubuntu4.5
	8.04 LTS hardy	Fixed 5.2.4-2ubuntu5.9
	6.06 LTS dapper	Fixed 5.1.2-1ubuntu3.17

How can I get the fixes?
What do statuses mean?
Patch details

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package	Patch details
php5	Upstream: http://svn.php.net/viewvc?view=revision&revision=288943

References

MITRE
NVD
Launchpad
Debian

Related Ubuntu Security Notices (USN)

USN-862-1
PHP vulnerabilities
26 November 2009

Other references

http://securityreason.com/securityalert/6600
https://www.cve.org/CVERecord?id=CVE-2009-3558