NVD Vulnerability Detail

CVE-2006-5178

Summary	Race condition in the symlink function in PHP 5.1.6 and earlier allows local users to bypass the open_basedir restriction by using a combination of symlink, mkdir, and unlink functions to change the file path after the open_basedir check and before the file is opened by the underlying system, as demonstrated by symlinking a symlink into a subdirectory, to point to a parent directory via .. (dot dot) sequences, and then unlinking the resulting symlink.
Publication Date	Oct. 10, 2006, 1:06 p.m.
Registration Date	Jan. 29, 2021, 3:47 p.m.
Last Update	Oct. 31, 2018, 1:25 a.m.

CVSS2.0 : MEDIUM
Score	6.2
Vector	AV:L/AC:H/Au:N/C:C/I:C/A:C
攻撃元区分(AV)	ローカル
攻撃条件の複雑さ(AC)	高
攻撃前の認証要否(Au)	不要
機密性への影響(C)	高
完全性への影響(I)	高
可用性への影響(A)	高
Get all privileges.	はい
Get user privileges	いいえ
Get other privileges	いいえ
User operation required	いいえ

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:php:php:4.0:::::::*
cpe:2.3:a:php:php:4.0.1:::::::*
cpe:2.3:a:php:php:4.0.1:patch1::::::
cpe:2.3:a:php:php:4.0.1:patch2::::::
cpe:2.3:a:php:php:4.0.2:::::::*
cpe:2.3:a:php:php:4.0.3:patch1::::::
cpe:2.3:a:php:php:4.0.4:::::::*
cpe:2.3:a:php:php:4.0.5:::::::*
cpe:2.3:a:php:php:4.0.6:::::::*
cpe:2.3:a:php:php:4.0.7:::::::*
cpe:2.3:a:php:php:4.0.7:rc1::::::
cpe:2.3:a:php:php:4.0.7:rc2::::::
cpe:2.3:a:php:php:4.0.7:rc3::::::
cpe:2.3:a:php:php:4.1.0:::::::*
cpe:2.3:a:php:php:4.1.1:::::::*
cpe:2.3:a:php:php:4.1.2:::::::*
cpe:2.3:a:php:php:4.2::dev:::::
cpe:2.3:a:php:php:4.2.0:::::::*
cpe:2.3:a:php:php:4.2.1:::::::*
cpe:2.3:a:php:php:4.2.2:::::::*
cpe:2.3:a:php:php:4.2.3:::::::*
cpe:2.3:a:php:php:4.3.0:::::::*
cpe:2.3:a:php:php:4.3.1:::::::*
cpe:2.3:a:php:php:4.3.2:::::::*
cpe:2.3:a:php:php:4.3.3:::::::*
cpe:2.3:a:php:php:4.3.4:::::::*
cpe:2.3:a:php:php:4.3.5:::::::*
cpe:2.3:a:php:php:4.3.6:::::::*
cpe:2.3:a:php:php:4.3.7:::::::*
cpe:2.3:a:php:php:4.3.8:::::::*
cpe:2.3:a:php:php:4.3.9:::::::*
cpe:2.3:a:php:php:4.3.10:::::::*
cpe:2.3:a:php:php:4.3.11:::::::*
cpe:2.3:a:php:php:4.4.0:::::::*
cpe:2.3:a:php:php:4.4.1:::::::*
cpe:2.3:a:php:php:4.4.2:::::::*
cpe:2.3:a:php:php:4.4.3:::::::*
cpe:2.3:a:php:php:4.4.4:::::::*
cpe:2.3:a:php:php:5.0:rc1::::::
cpe:2.3:a:php:php:5.0:rc2::::::
cpe:2.3:a:php:php:5.0:rc3::::::
cpe:2.3:a:php:php:5.0.0:::::::*
cpe:2.3:a:php:php:5.0.1:::::::*
cpe:2.3:a:php:php:5.0.2:::::::*
cpe:2.3:a:php:php:5.0.3:::::::*
cpe:2.3:a:php:php:5.0.4:::::::*
cpe:2.3:a:php:php:5.0.5:::::::*
cpe:2.3:a:php:php:5.1.0:::::::*
cpe:2.3:a:php:php:5.1.1:::::::*
cpe:2.3:a:php:php:5.1.2:::::::*
cpe:2.3:a:php:php:5.1.3:::::::*
cpe:2.3:a:php:php:5.1.4:::::::*
cpe:2.3:a:php:php:5.1.5:::::::*
cpe:2.3:a:php:php::::::::		5.1.6

Related information, measures and tools

No	URL	refsource	タグ
1	http://lists.grok.org.uk/pipermail/full-disclosure/2006-October/049850.html	FULLDISC	Exploit
2	http://secunia.com/advisories/22235	SECUNIA	Exploit Vendor Advisory
3	http://secunia.com/advisories/22424	SECUNIA
4	http://securityreason.com/securityalert/1692	SREASON
5	http://securitytracker.com/id?1016977	SECTRACK	Exploit
6	http://www.hardened-php.net/advisory_082006.132.html	MISC	Exploit Vendor Advisory
7	http://www.mandriva.com/security/advisories?name=MDKSA-2006:185	MANDRIVA
8	http://www.neosecurityteam.net/index.php?action=advisories&id=26	MISC
9	http://www.securityfocus.com/archive/1/447649/100/0/threaded	BUGTRAQ
10	http://www.securityfocus.com/archive/1/448020/100/0/threaded	BUGTRAQ
11	http://www.securityfocus.com/archive/1/448953/100/0/threaded	OPENPKG
12	http://www.securityfocus.com/bid/20326	BID	Exploit
13	http://www.turbolinux.com/security/2006/TLSA-2006-38.txt	TURBO
14	http://www.vupen.com/english/advisories/2006/3901	VUPEN
15	https://exchange.xforce.ibmcloud.com/vulnerabilities/29340	XF

Common Vulnerabilities List

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:php:php:4.0:::::::*
cpe:2.3:a:php:php:4.0.1:::::::*
cpe:2.3:a:php:php:4.0.1:patch1::::::
cpe:2.3:a:php:php:4.0.1:patch2::::::
cpe:2.3:a:php:php:4.0.2:::::::*
cpe:2.3:a:php:php:4.0.3:patch1::::::
cpe:2.3:a:php:php:4.0.4:::::::*
cpe:2.3:a:php:php:4.0.5:::::::*
cpe:2.3:a:php:php:4.0.6:::::::*
cpe:2.3:a:php:php:4.0.7:::::::*
cpe:2.3:a:php:php:4.0.7:rc1::::::
cpe:2.3:a:php:php:4.0.7:rc2::::::
cpe:2.3:a:php:php:4.0.7:rc3::::::
cpe:2.3:a:php:php:4.1.0:::::::*
cpe:2.3:a:php:php:4.1.1:::::::*
cpe:2.3:a:php:php:4.1.2:::::::*
cpe:2.3:a:php:php:4.2::dev:::::
cpe:2.3:a:php:php:4.2.0:::::::*
cpe:2.3:a:php:php:4.2.1:::::::*
cpe:2.3:a:php:php:4.2.2:::::::*
cpe:2.3:a:php:php:4.2.3:::::::*
cpe:2.3:a:php:php:4.3.0:::::::*
cpe:2.3:a:php:php:4.3.1:::::::*
cpe:2.3:a:php:php:4.3.2:::::::*
cpe:2.3:a:php:php:4.3.3:::::::*
cpe:2.3:a:php:php:4.3.4:::::::*
cpe:2.3:a:php:php:4.3.5:::::::*
cpe:2.3:a:php:php:4.3.6:::::::*
cpe:2.3:a:php:php:4.3.7:::::::*
cpe:2.3:a:php:php:4.3.8:::::::*
cpe:2.3:a:php:php:4.3.9:::::::*
cpe:2.3:a:php:php:4.3.10:::::::*
cpe:2.3:a:php:php:4.3.11:::::::*
cpe:2.3:a:php:php:4.4.0:::::::*
cpe:2.3:a:php:php:4.4.1:::::::*
cpe:2.3:a:php:php:4.4.2:::::::*
cpe:2.3:a:php:php:4.4.3:::::::*
cpe:2.3:a:php:php:4.4.4:::::::*
cpe:2.3:a:php:php:5.0:rc1::::::
cpe:2.3:a:php:php:5.0:rc2::::::
cpe:2.3:a:php:php:5.0:rc3::::::
cpe:2.3:a:php:php:5.0.0:::::::*
cpe:2.3:a:php:php:5.0.1:::::::*
cpe:2.3:a:php:php:5.0.2:::::::*
cpe:2.3:a:php:php:5.0.3:::::::*
cpe:2.3:a:php:php:5.0.4:::::::*
cpe:2.3:a:php:php:5.0.5:::::::*
cpe:2.3:a:php:php:5.1.0:::::::*
cpe:2.3:a:php:php:5.1.1:::::::*
cpe:2.3:a:php:php:5.1.2:::::::*
cpe:2.3:a:php:php:5.1.3:::::::*
cpe:2.3:a:php:php:5.1.4:::::::*
cpe:2.3:a:php:php:5.1.5:::::::*
cpe:2.3:a:php:php::::::::		5.1.6