CVE-2005-3391

Description

Multiple vulnerabilities in PHP before 4.4.1 allow remote attackers to bypass safe_mode and open_basedir restrictions via unknown attack vectors in (1) ext/curl and (2) ext/gd.

CVSS Metrics

• v2.0•HIGH•Score: 7.5AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS Trends

Current EPSS score: 19.30%• Percentile: 95%

Affected Systems

• Unknown•PHP

  3.0 | 3.0.1 | 3.0.2 | 3.0.3 | 3.0.4 | 3.0.5 | 3.0.6 | 3.0.7 | 3.0.8 | 3.0.9 | 3.0.10 | 3.0.11 | 3.0.12 | 3.0.13 | 3.0.14 | 3.0.15 | 3.0.16 | 3.0.17 | 3.0.18 | 4.0.0 | 4.0.1 | 4.0.1:patch1 | 4.0.1:patch2 | 4.0.2 | 4.0.3 | 4.0.3:patch1 | 4.0.4 | 4.0.5 | 4.0.6 | 4.0.7 | 4.0.7:rc1 | 4.0.7:rc2 | 4.0.7:rc3 | 4.1.0 | 4.1.1 | 4.1.2 | 4.2 | 4.2.0 | 4.2.1 | 4.2.2 | 4.2.3 | 4.3.0 | 4.3.1 | 4.3.2 | 4.3.3 | 4.3.4 | 4.3.5 | 4.3.6 | 4.3.7 | 4.3.8 | 4.3.9 | 4.3.10 | 4.3.11 | 4.4.0

References (24)

• http://secunia.com/advisories/22691
• http://secunia.com/advisories/18198
• http://itrc.hp.com/service/cki/docDisplay.do?docId=c00786522
• http://www.osvdb.org/20898
• http://securityreason.com/securityalert/525
• http://secunia.com/advisories/19064
• http://secunia.com/advisories/18054
• http://www.vupen.com/english/advisories/2005/2254
• http://www.securityfocus.com/bid/16907
• http://secunia.com/advisories/17371
• http://www.vupen.com/english/advisories/2006/0791
• http://www.vupen.com/english/advisories/2006/4320
• http://lists.apple.com/archives/security-announce/2006/Mar/msg00000.html
• http://www.securityfocus.com/archive/1/419504/100/0/threaded
• http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:035
• http://secunia.com/advisories/18763
• http://www.php.net/release_4_4_1.php
• http://www.us-cert.gov/cas/techalerts/TA06-062A.html
• http://www.securityfocus.com/bid/15411
• http://secunia.com/advisories/17510
• http://www.openpkg.org/security/OpenPKG-SA-2005.027-php.html
• http://www.gentoo.org/security/en/glsa/glsa-200511-08.xml
• https://www.ubuntu.com/usn/usn-232-1/
• http://docs.info.apple.com/article.html?artnum=303382