CVE-2006-5178:

Race condition in the symlink function in PHP 5.1.6 and earlier allows
local users to bypass the open_basedir restriction by using a
combination of symlink, mkdir, and unlink functions to change the file
path after the open_basedir check and before the file is opened by the
underlying system, as demonstrated by symlinking a symlink into a
subdirectory, to point to a parent directory via .. (dot dot)
sequences, and then unlinking the resulting symlink.



--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Reply via email to