CVE 2007-4652
The session extension in PHP before 5.2.4 might allow local users to bypass open_basedir restrictions via a session file that is a symlink.
See the 
CVE page on Mitre.org
for more details.
Launchpad.net
References
- CONFIRM: http://www.php.net/Cha...
- CONFIRM: http://www.php.net/rel...
- SECUNIA: 26642
- CONFIRM: https://issues.rpath.c...
- TRUSTIX: 2007-0026
- SECUNIA: 26822
- SECUNIA: 26838
- CONFIRM: https://issues.rpath.c...
- SECUNIA: 27377
- GENTOO: GLSA-200710-02
- SECUNIA: 27102
- VUPEN: ADV-2007-3023
- XF: php-session-security-b...
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
67d34a1
(Get the code!)