CVE-2010-3436

Common vulnerabilities & exposures (CVE)

CVE database CVE database blogpost Release & EoL database

Published at: - 09-11-2010 02:00

Last modified: - 01-09-2022 06:32

Total changes: - 2

Description

fopen_wrappers.c in PHP 5.3.x through 5.3.3 might allow remote attackers to bypass open_basedir restrictions via vectors related to the length of a filename.

Common Vulnerability Scoring System (CVSS)

AV:N/AC:L/Au:N/C:N/I:P/A:N

Low

Attack complexity

Network

Attack vector

None

Availability

None

Confidentiality

Low

Integrity

Privileges required

Scope

User interaction

5.0

Base score

10.0

2.9

Exploitability score

Impact score

Verification logic

Reference

MDVSA-2010:218-Third Party Advisory
http://svn.php.net/viewvc/php/php-src/trunk/main/fopen_wrappers.c?r1=303824&r2=303823&pathrev=303824
http://svn.php.net/viewvc?view=revision&revision=303824
http://security-tracker.debian.org/tracker/CVE-2010-3436
44723-Third Party Advisory, VDB Entry
42729-Third Party Advisory
SSA:2010-357-01-Third Party Advisory
ADV-2010-3313-Permissions Required
http://www.php.net/ChangeLog-5.php
http://www.php.net/releases/5_3_4.php
ADV-2011-0077-Permissions Required
http://www.php.net/archive/2010.php#id2010-12-10-1
42812-Third Party Advisory
http://www.php.net/releases/5_2_15.php
USN-1042-1-Third Party Advisory
http://support.apple.com/kb/HT4581
APPLE-SA-2011-03-21-1-Mailing List, Third Party Advisory
http://support.apple.com/kb/HT5002
APPLE-SA-2011-10-12-3-Mailing List, Third Party Advisory

Keywords

CVE-2010-3436

Common vulnerabilities & exposures (CVE)

Description

Common Vulnerability Scoring System (CVSS)

Verification logic

Reference

NVD

CVE-2010-3436

CVE

Common vulnerabilities & exposures

CVSS

Common vulnerability scoring system

Security

Vulnerabilities

Exposures