exploitDog

CVE-2009-4018

Published: 29 Nov 2009
Source: ubuntu
Priority: low
EPSS: Medium
CVSS2: 7.5

Description

The proc_open function in ext/standard/proc_open.c in PHP before 5.2.11 and 5.3.x before 5.3.1 does not enforce the (1) safe_mode_allowed_env_vars and (2) safe_mode_protected_env_vars directives, which allows context-dependent attackers to execute programs with an arbitrary environment via the env parameter, as demonstrated by a crafted value of the LD_LIBRARY_PATH environment variable.

| Release | Status | Note |
|---|---|---|
| dapper | released | 5.1.2-1ubuntu3.17 |
| devel | not-affected | 5.2.11.dfsg.1-1ubuntu1 |
| hardy | released | 5.2.4-2ubuntu5.9 |
| intrepid | released | 5.2.6-2ubuntu4.5 |
| jaunty | released | 5.2.6.dfsg.1-3ubuntu4.4 |
| karmic | released | 5.2.10.dfsg.1-2ubuntu6.3 |
| upstream | released | 5.3.1 |

EPSS

Percentile: 95%
0.1776
Medium

7.5 High

CVSS2

Related vulnerabilities

redhat
almost 16 years ago

The proc_open function in ext/standard/proc_open.c in PHP before 5.2.11 and 5.3.x before 5.3.1 does not enforce the (1) safe_mode_allowed_env_vars and (2) safe_mode_protected_env_vars directives, which allows context-dependent attackers to execute programs with an arbitrary environment via the env parameter, as demonstrated by a crafted value of the LD_LIBRARY_PATH environment variable.

nvd
more than 15 years ago

The proc_open function in ext/standard/proc_open.c in PHP before 5.2.11 and 5.3.x before 5.3.1 does not enforce the (1) safe_mode_allowed_env_vars and (2) safe_mode_protected_env_vars directives, which allows context-dependent attackers to execute programs with an arbitrary environment via the env parameter, as demonstrated by a crafted value of the LD_LIBRARY_PATH environment variable.

debian
more than 15 years ago

The proc_open function in ext/standard/proc_open.c in PHP before 5.2.1 ...

github
about 3 years ago

The proc_open function in ext/standard/proc_open.c in PHP before 5.2.11 and 5.3.x before 5.3.1 does not enforce the (1) safe_mode_allowed_env_vars and (2) safe_mode_protected_env_vars directives, which allows context-dependent attackers to execute programs with an arbitrary environment via the env parameter, as demonstrated by a crafted value of the LD_LIBRARY_PATH environment variable.
