CVE-2004-1064 - OpenCVE

The safe mode checks in PHP 4.x to 4.3.9 and PHP 5.x to 5.0.2 truncate the file path before passing the data to the realpath function, which could allow attackers to bypass safe mode. NOTE: this issue was originally REJECTed by its CNA before publication, but that decision is in active dispute. This candidate may change significantly in the future as a result of further discussion.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:L/Au:N/C:C/I:C/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Canonical	Ubuntu Linux
Php	Php

Configuration 1 [-]

OR	cpe:2.3:a:php:php::::::::
	cpe:2.3:a:php:php::::::::

Configuration 2 [-]

cpe:2.3:o:canonical:ubuntu_linux:4.10:*:*:*:*:*:*:*

References

Link	Resource
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000915	Broken Link
http://www.gentoo.org/security/en/glsa/glsa-200412-14.xml	Third Party Advisory
http://www.hardened-php.net/advisories/012004.txt	Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDKSA-2004:151	Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDKSA-2005:072	Third Party Advisory
http://www.php.net/release_4_3_10.php	Release Notes Vendor Advisory
http://www.securityfocus.com/advisories/9028	Third Party Advisory VDB Entry
http://www.securityfocus.com/archive/1/384545	Third Party Advisory VDB Entry
http://www.securityfocus.com/bid/11964	Third Party Advisory VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/18512	Third Party Advisory VDB Entry
https://www.ubuntu.com/usn/usn-99-1/	Third Party Advisory
https://www.ubuntu.com/usn/usn-99-2/	Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2004-12-08T05:00:00

Updated: 2017-07-10T14:57:01

Reserved: 2004-11-23T00:00:00

Link: CVE-2004-1064

JSON object: View

NVD Information

Status : Analyzed

Published: 2005-01-10T05:00:00.000

Modified: 2020-12-08T18:56:34.047

Link: CVE-2004-1064

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-noinfo

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2004-12-15T00:00:00", "descriptions": [{"lang": "en", "value": "The safe mode checks in PHP 4.x to 4.3.9 and PHP 5.x to 5.0.2 truncate the file path before passing the data to the realpath function, which could allow attackers to bypass safe mode. NOTE: this issue was originally REJECTed by its CNA before publication, but that decision is in active dispute. This candidate may change significantly in the future as a result of further discussion."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-10T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "MDKSA-2005:072", "tags": ["vendor-advisory", "x_refsource_MANDRAKE"], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:072"}, {"name": "11964", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/11964"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.php.net/release_4_3_10.php"}, {"name": "MDKSA-2004:151", "tags": ["vendor-advisory", "x_refsource_MANDRAKE"], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:151"}, {"tags": ["x_refsource_MISC"], "url": "http://www.hardened-php.net/advisories/012004.txt"}, {"name": "php-realpath-safemode-bypass(18512)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18512"}, {"name": "CLA-2005:915", "tags": ["vendor-advisory", "x_refsource_CONECTIVA"], "url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000915"}, {"name": "GLSA-200412-14", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "http://www.gentoo.org/security/en/glsa/glsa-200412-14.xml"}, {"name": "20041215 Advisory 01/2004: Multiple vulnerabilities in PHP 4/5", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/384545"}, {"name": "USN-99-2", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://www.ubuntu.com/usn/usn-99-2/"}, {"name": "HPSBMA01212", "tags": ["vendor-advisory", "x_refsource_HP"], "url": "http://www.securityfocus.com/advisories/9028"}, {"name": "USN-99-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://www.ubuntu.com/usn/usn-99-1/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2004-1064", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The safe mode checks in PHP 4.x to 4.3.9 and PHP 5.x to 5.0.2 truncate the file path before passing the data to the realpath function, which could allow attackers to bypass safe mode. NOTE: this issue was originally REJECTed by its CNA before publication, but that decision is in active dispute. This candidate may change significantly in the future as a result of further discussion."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "MDKSA-2005:072", "refsource": "MANDRAKE", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:072"}, {"name": "11964", "refsource": "BID", "url": "http://www.securityfocus.com/bid/11964"}, {"name": "http://www.php.net/release_4_3_10.php", "refsource": "CONFIRM", "url": "http://www.php.net/release_4_3_10.php"}, {"name": "MDKSA-2004:151", "refsource": "MANDRAKE", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:151"}, {"name": "http://www.hardened-php.net/advisories/012004.txt", "refsource": "MISC", "url": "http://www.hardened-php.net/advisories/012004.txt"}, {"name": "php-realpath-safemode-bypass(18512)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18512"}, {"name": "CLA-2005:915", "refsource": "CONECTIVA", "url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000915"}, {"name": "GLSA-200412-14", "refsource": "GENTOO", "url": "http://www.gentoo.org/security/en/glsa/glsa-200412-14.xml"}, {"name": "20041215 Advisory 01/2004: Multiple vulnerabilities in PHP 4/5", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/384545"}, {"name": "USN-99-2", "refsource": "UBUNTU", "url": "https://www.ubuntu.com/usn/usn-99-2/"}, {"name": "HPSBMA01212", "refsource": "HP", "url": "http://www.securityfocus.com/advisories/9028"}, {"name": "USN-99-1", "refsource": "UBUNTU", "url": "https://www.ubuntu.com/usn/usn-99-1/"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2004-1064", "datePublished": "2004-12-08T05:00:00", "dateReserved": "2004-11-23T00:00:00", "dateUpdated": "2017-07-10T14:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*", "matchCriteriaId": "241DD577-6407-4390-A992-61972240FE0E", "versionEndIncluding": "4.3.9", "versionStartIncluding": "4.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*", "matchCriteriaId": "6578037E-94D3-4531-ABDD-E09A9D96D6D2", "versionEndIncluding": "5.0.2", "versionStartIncluding": "5.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:4.10:*:*:*:*:*:*:*", "matchCriteriaId": "778A6957-455B-420A-BAAF-E7F88FF4FB1E", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The safe mode checks in PHP 4.x to 4.3.9 and PHP 5.x to 5.0.2 truncate the file path before passing the data to the realpath function, which could allow attackers to bypass safe mode. NOTE: this issue was originally REJECTed by its CNA before publication, but that decision is in active dispute. This candidate may change significantly in the future as a result of further discussion."}, {"lang": "es", "value": "** RECHAZADA ** No usar este n\u00famero de candidata."}], "id": "CVE-2004-1064", "lastModified": "2020-12-08T18:56:34.047", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2005-01-10T05:00:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000915"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www.gentoo.org/security/en/glsa/glsa-200412-14.xml"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www.hardened-php.net/advisories/012004.txt"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:151"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:072"}, {"source": "cve@mitre.org", "tags": ["Release Notes", "Vendor Advisory"], "url": "http://www.php.net/release_4_3_10.php"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/advisories/9028"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/archive/1/384545"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/11964"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18512"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://www.ubuntu.com/usn/usn-99-1/"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://www.ubuntu.com/usn/usn-99-2/"}], "sourceIdentifier": "cve@mitre.org", "vendorComments": [{"comment": "We do not consider safe_mode / open_basedir restriction bypass issues being security sensitive. For more details see http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=169857#c1 and http://www.php.net/security-note.php", "lastModified": "2008-10-30T00:00:00", "organization": "Red Hat"}], "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}