CVE-2009-4018

Publication date 23 November 2009

Last updated 24 July 2024

Ubuntu priority

Low

Why this priority?

The proc_open function in ext/standard/proc_open.c in PHP before 5.2.11 and 5.3.x before 5.3.1 does not enforce the (1) safe_mode_allowed_env_vars and (2) safe_mode_protected_env_vars directives, which allows context-dependent attackers to execute programs with an arbitrary environment via the env parameter, as demonstrated by a crafted value of the LD_LIBRARY_PATH environment variable.

Read the notes from the security team

Status

Package Ubuntu Release Status
php5 9.10 karmic
Fixed 5.2.10.dfsg.1-2ubuntu6.3
9.04 jaunty
Fixed 5.2.6.dfsg.1-3ubuntu4.4
8.10 intrepid
Fixed 5.2.6-2ubuntu4.5
8.04 LTS hardy
Fixed 5.2.4-2ubuntu5.9
6.06 LTS dapper
Fixed 5.1.2-1ubuntu3.17

Notes

mdeslaur

PoC in php bug report safe_mode bug

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package Patch details
php5

References

Related Ubuntu Security Notices (USN)

    • USN-862-1
    • PHP vulnerabilities
    • 26 November 2009

Other references