CVE-2015-4025
Published: 9 June 2015
PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 truncates a pathname upon encountering a \x00 character in certain situations, which allows remote attackers to bypass intended extension restrictions and access files or directories with unexpected names via a crafted argument to (1) set_include_path, (2) tempnam, (3) rmdir, or (4) readlink. NOTE: this vulnerability exists because of an incomplete fix for CVE-2006-7243.
Priority
Status
Package | Release | Status |
---|---|---|
php5
Launchpad, Ubuntu, Debian |
precise |
Released
(5.3.10-1ubuntu3.19)
|
trusty |
Released
(5.5.9+dfsg-1ubuntu4.11)
|
|
upstream |
Released
(5.4.41,5.5.25,5.6.9)
|
|
utopic |
Released
(5.5.12+dfsg-2ubuntu4.6)
|
|
vivid |
Released
(5.6.4+dfsg-4ubuntu6.2)
|
|
Patches:
upstream: http://git.php.net/?p=php-src.git;a=commit;h=be9b2a95adb504abd5acdc092d770444ad6f6854 upstream: http://git.php.net/?p=php-src.git;a=commit;h=634aa0a2dbf8ec5e6fabb4ee01c6d1355ba7ee67 |