CVE-2007-3007 - OpenCVE

PHP 5 before 5.2.3 does not enforce the open_basedir or safe_mode restriction in certain cases, which allows context-dependent attackers to determine the existence of arbitrary files by checking if the readfile function returns a string. NOTE: this issue might also involve the realpath function.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:N/C:P/I:N/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Php	Php

Configuration 1 [-]

cpe:2.3:a:php:php:*:*:*:*:*:*:*:*

References

Link	Resource
http://bugs.php.net/bug.php?id=41492	Vendor Advisory
http://lists.opensuse.org/opensuse-security-announce/2007-07/msg00006.html	Mailing List Third Party Advisory
http://osvdb.org/36084	Broken Link
http://secunia.com/advisories/25456	Vendor Advisory
http://secunia.com/advisories/26048	Vendor Advisory
http://secunia.com/advisories/26231	Vendor Advisory
http://secunia.com/advisories/27102	Vendor Advisory
http://secunia.com/advisories/27110	Vendor Advisory
http://www.gentoo.org/security/en/glsa/glsa-200710-02.xml	Third Party Advisory
http://www.php.net/releases/5_2_3.php	Vendor Advisory
http://www.securityfocus.com/bid/24259	Third Party Advisory VDB Entry
http://www.trustix.org/errata/2007/0023/	Broken Link
https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00397.html	Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2007-06-04T17:00:00

Updated: 2007-06-15T09:00:00

Reserved: 2007-06-04T00:00:00

Link: CVE-2007-3007

JSON object: View

NVD Information

Status : Analyzed

Published: 2007-06-04T17:30:00.000

Modified: 2022-08-29T20:07:10.533

Link: CVE-2007-3007

JSON object: View

Redhat Information

No data.

CWE

CWE-264

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-05-24T00:00:00", "descriptions": [{"lang": "en", "value": "PHP 5 before 5.2.3 does not enforce the open_basedir or safe_mode restriction in certain cases, which allows context-dependent attackers to determine the existence of arbitrary files by checking if the readfile function returns a string. NOTE: this issue might also involve the realpath function."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2007-06-15T09:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "26231", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/26231"}, {"name": "27110", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/27110"}, {"name": "26048", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/26048"}, {"name": "GLSA-200710-02", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "http://www.gentoo.org/security/en/glsa/glsa-200710-02.xml"}, {"name": "FEDORA-2007-2215", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00397.html"}, {"name": "25456", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/25456"}, {"name": "2007-0023", "tags": ["vendor-advisory", "x_refsource_TRUSTIX"], "url": "http://www.trustix.org/errata/2007/0023/"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.php.net/releases/5_2_3.php"}, {"name": "24259", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/24259"}, {"name": "27102", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/27102"}, {"name": "36084", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/36084"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://bugs.php.net/bug.php?id=41492"}, {"name": "SUSE-SA:2007:044", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2007-07/msg00006.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-3007", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "PHP 5 before 5.2.3 does not enforce the open_basedir or safe_mode restriction in certain cases, which allows context-dependent attackers to determine the existence of arbitrary files by checking if the readfile function returns a string. NOTE: this issue might also involve the realpath function."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "26231", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/26231"}, {"name": "27110", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/27110"}, {"name": "26048", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/26048"}, {"name": "GLSA-200710-02", "refsource": "GENTOO", "url": "http://www.gentoo.org/security/en/glsa/glsa-200710-02.xml"}, {"name": "FEDORA-2007-2215", "refsource": "FEDORA", "url": "https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00397.html"}, {"name": "25456", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/25456"}, {"name": "2007-0023", "refsource": "TRUSTIX", "url": "http://www.trustix.org/errata/2007/0023/"}, {"name": "http://www.php.net/releases/5_2_3.php", "refsource": "CONFIRM", "url": "http://www.php.net/releases/5_2_3.php"}, {"name": "24259", "refsource": "BID", "url": "http://www.securityfocus.com/bid/24259"}, {"name": "27102", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/27102"}, {"name": "36084", "refsource": "OSVDB", "url": "http://osvdb.org/36084"}, {"name": "http://bugs.php.net/bug.php?id=41492", "refsource": "CONFIRM", "url": "http://bugs.php.net/bug.php?id=41492"}, {"name": "SUSE-SA:2007:044", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2007-07/msg00006.html"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-3007", "datePublished": "2007-06-04T17:00:00", "dateReserved": "2007-06-04T00:00:00", "dateUpdated": "2007-06-15T09:00:00", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*", "matchCriteriaId": "69E9B60B-CA92-4300-98B2-F86DFE2001DC", "versionEndExcluding": "5.2.3", "versionStartIncluding": "5.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "PHP 5 before 5.2.3 does not enforce the open_basedir or safe_mode restriction in certain cases, which allows context-dependent attackers to determine the existence of arbitrary files by checking if the readfile function returns a string. NOTE: this issue might also involve the realpath function."}, {"lang": "es", "value": "PHP versi\u00f3n 5 anterior a 5.2.3 no aplica la restricci\u00f3n open_basedir o safe_mode en ciertos casos, lo que permite a los atacantes dependiendo del contexto determinar la presencia de archivos arbitrarios mediante la comprobaci\u00f3n de si la funci\u00f3n readfile devuelve una cadena. NOTA: este problema tambi\u00e9n puede involucrar la funci\u00f3n realpath."}], "id": "CVE-2007-3007", "lastModified": "2022-08-29T20:07:10.533", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2007-06-04T17:30:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://bugs.php.net/bug.php?id=41492"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2007-07/msg00006.html"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://osvdb.org/36084"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/25456"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/26048"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/26231"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/27102"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/27110"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www.gentoo.org/security/en/glsa/glsa-200710-02.xml"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.php.net/releases/5_2_3.php"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/24259"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://www.trustix.org/errata/2007/0023/"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00397.html"}], "sourceIdentifier": "cve@mitre.org", "vendorComments": [{"comment": "We do not consider these to be security issues. For more details see http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=169857#c1\nand http://www.php.net/security-note.php\n", "lastModified": "2007-06-07T00:00:00", "organization": "Red Hat"}], "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}