Re: Re: PHP <= 5.2.5 Safe Mode Bypass

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Re: Re: PHP <= 5.2.5 Safe Mode Bypass
From: Alireza Hassani <trueend5@xxxxxxxxx>
Date: Tue, 25 Dec 2007 05:20:06 -0800 (PST)
Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=s1024; d=yahoo.com; h=X-YMail-OSG:Received:Date:From:Subject:To:MIME-Version:Content-Type:Content-Transfer-Encoding:Message-ID; b=KapSaENr5aBxiuMIfyYQKTfJMX+keKpwA14ynJOdiC5shN/n9okIjHOpiNFwxqk/ZwbvL79zK1gjX+WME5tjA4CMLwDNPgMybnfWYq98yDp9EPwx/y61d3m8ITQx1J7zV0LVKicugDvzoJ52WJ5dI8Vmh9DqE3f09W3tyuN6grA=;
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

--- shsuff@xxxxxxxxxxx wrote:

> Nothing new.
> Already found: http://securityreason.com/achievement_securityalert/36/

I think it?s obvious that this one focuses on safe_mode restriction weakness 
and that one talks
about open_basedir! The only Similarity between these two advisories is the 
vulnerable tempnam
function

> 
> And this will not bypass safe_mode but open_basedir ...
>

Which one do you talk about , this or that?

____________________________________________________________________________________
Looking for last minute shopping deals?  
Find them fast with Yahoo! Search.  
http://tools.search.yahoo.com/newsearch/category.php?category=shopping

Prev by Date: [SECURITY] [DSA 1437-1] New cupsys packages fix several vulnerabilities
Next by Date: Re: Microsoft Office Publisher
Previous by thread: Re: PHP <= 5.2.5 Safe Mode Bypass
Next by thread: [CVE-2007-5342] Apache Tomcat's default security policy is too open
Index(es):
- Date
- Thread