Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2009-4018
PUBLISHED
More InfoOfficial Page
Assigner-redhat
Assigner Org ID-53f830b8-0a3f-465b-8143-3b8a9948e749
View Known Exploited Vulnerability (KEV) details
Published At-27 Nov, 2009 | 19:00
Updated At-07 Aug, 2024 | 06:45
Rejected At-
▼CVE Numbering Authority (CNA)

The proc_open function in ext/standard/proc_open.c in PHP before 5.2.11 and 5.3.x before 5.3.1 does not enforce the (1) safe_mode_allowed_env_vars and (2) safe_mode_protected_env_vars directives, which allows context-dependent attackers to execute programs with an arbitrary environment via the env parameter, as demonstrated by a crafted value of the LD_LIBRARY_PATH environment variable.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://secunia.com/advisories/40262
third-party-advisory
x_refsource_SECUNIA
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7256
vdb-entry
signature
x_refsource_OVAL
http://marc.info/?l=bugtraq&m=127680701405735&w=2
vendor-advisory
x_refsource_HP
http://svn.php.net/viewvc/php/php-src/branches/PHP_5_2/ext/standard/proc_open.c?r1=286360&r2=286359&pathrev=286360
x_refsource_CONFIRM
http://marc.info/?l=oss-security&m=125897935330618&w=2
mailing-list
x_refsource_MLIST
http://secunia.com/advisories/41490
third-party-advisory
x_refsource_SECUNIA
http://www.openwall.com/lists/oss-security/2009/11/23/15
mailing-list
x_refsource_MLIST
http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02512995
vendor-advisory
x_refsource_HP
http://www.php.net/ChangeLog-5.php
x_refsource_CONFIRM
http://www.securityfocus.com/bid/37138
vdb-entry
x_refsource_BID
http://bugs.php.net/bug.php?id=49026
x_refsource_CONFIRM
http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02512995
vendor-advisory
x_refsource_HP
http://secunia.com/advisories/41480
third-party-advisory
x_refsource_SECUNIA
http://marc.info/?l=oss-security&m=125886770008678&w=2
mailing-list
x_refsource_MLIST
http://marc.info/?l=bugtraq&m=127680701405735&w=2
vendor-advisory
x_refsource_HP
http://svn.php.net/viewvc/?view=revision&revision=286360
x_refsource_CONFIRM
http://svn.php.net/viewvc/php/php-src/branches/PHP_5_3/ext/standard/proc_open.c?r1=286360&r2=286359&pathrev=286360
x_refsource_CONFIRM
http://www.mandriva.com/security/advisories?name=MDVSA-2009:303
vendor-advisory
x_refsource_MANDRIVA
Hyperlink: http://secunia.com/advisories/40262
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7256
Resource:
vdb-entry
signature
x_refsource_OVAL
Hyperlink: http://marc.info/?l=bugtraq&m=127680701405735&w=2
Resource:
vendor-advisory
x_refsource_HP
Hyperlink: http://svn.php.net/viewvc/php/php-src/branches/PHP_5_2/ext/standard/proc_open.c?r1=286360&r2=286359&pathrev=286360
Resource:
x_refsource_CONFIRM
Hyperlink: http://marc.info/?l=oss-security&m=125897935330618&w=2
Resource:
mailing-list
x_refsource_MLIST
Hyperlink: http://secunia.com/advisories/41490
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.openwall.com/lists/oss-security/2009/11/23/15
Resource:
mailing-list
x_refsource_MLIST
Hyperlink: http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02512995
Resource:
vendor-advisory
x_refsource_HP
Hyperlink: http://www.php.net/ChangeLog-5.php
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.securityfocus.com/bid/37138
Resource:
vdb-entry
x_refsource_BID
Hyperlink: http://bugs.php.net/bug.php?id=49026
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02512995
Resource:
vendor-advisory
x_refsource_HP
Hyperlink: http://secunia.com/advisories/41480
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://marc.info/?l=oss-security&m=125886770008678&w=2
Resource:
mailing-list
x_refsource_MLIST
Hyperlink: http://marc.info/?l=bugtraq&m=127680701405735&w=2
Resource:
vendor-advisory
x_refsource_HP
Hyperlink: http://svn.php.net/viewvc/?view=revision&revision=286360
Resource:
x_refsource_CONFIRM
Hyperlink: http://svn.php.net/viewvc/php/php-src/branches/PHP_5_3/ext/standard/proc_open.c?r1=286360&r2=286359&pathrev=286360
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2009:303
Resource:
vendor-advisory
x_refsource_MANDRIVA
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://secunia.com/advisories/40262
third-party-advisory
x_refsource_SECUNIA
x_transferred
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7256
vdb-entry
signature
x_refsource_OVAL
x_transferred
http://marc.info/?l=bugtraq&m=127680701405735&w=2
vendor-advisory
x_refsource_HP
x_transferred
http://svn.php.net/viewvc/php/php-src/branches/PHP_5_2/ext/standard/proc_open.c?r1=286360&r2=286359&pathrev=286360
x_refsource_CONFIRM
x_transferred
http://marc.info/?l=oss-security&m=125897935330618&w=2
mailing-list
x_refsource_MLIST
x_transferred
http://secunia.com/advisories/41490
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.openwall.com/lists/oss-security/2009/11/23/15
mailing-list
x_refsource_MLIST
x_transferred
http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02512995
vendor-advisory
x_refsource_HP
x_transferred
http://www.php.net/ChangeLog-5.php
x_refsource_CONFIRM
x_transferred
http://www.securityfocus.com/bid/37138
vdb-entry
x_refsource_BID
x_transferred
http://bugs.php.net/bug.php?id=49026
x_refsource_CONFIRM
x_transferred
http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02512995
vendor-advisory
x_refsource_HP
x_transferred
http://secunia.com/advisories/41480
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://marc.info/?l=oss-security&m=125886770008678&w=2
mailing-list
x_refsource_MLIST
x_transferred
http://marc.info/?l=bugtraq&m=127680701405735&w=2
vendor-advisory
x_refsource_HP
x_transferred
http://svn.php.net/viewvc/?view=revision&revision=286360
x_refsource_CONFIRM
x_transferred
http://svn.php.net/viewvc/php/php-src/branches/PHP_5_3/ext/standard/proc_open.c?r1=286360&r2=286359&pathrev=286360
x_refsource_CONFIRM
x_transferred
http://www.mandriva.com/security/advisories?name=MDVSA-2009:303
vendor-advisory
x_refsource_MANDRIVA
x_transferred
Hyperlink: http://secunia.com/advisories/40262
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7256
Resource:
vdb-entry
signature
x_refsource_OVAL
x_transferred
Hyperlink: http://marc.info/?l=bugtraq&m=127680701405735&w=2
Resource:
vendor-advisory
x_refsource_HP
x_transferred
Hyperlink: http://svn.php.net/viewvc/php/php-src/branches/PHP_5_2/ext/standard/proc_open.c?r1=286360&r2=286359&pathrev=286360
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://marc.info/?l=oss-security&m=125897935330618&w=2
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: http://secunia.com/advisories/41490
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.openwall.com/lists/oss-security/2009/11/23/15
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02512995
Resource:
vendor-advisory
x_refsource_HP
x_transferred
Hyperlink: http://www.php.net/ChangeLog-5.php
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.securityfocus.com/bid/37138
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: http://bugs.php.net/bug.php?id=49026
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02512995
Resource:
vendor-advisory
x_refsource_HP
x_transferred
Hyperlink: http://secunia.com/advisories/41480
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://marc.info/?l=oss-security&m=125886770008678&w=2
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: http://marc.info/?l=bugtraq&m=127680701405735&w=2
Resource:
vendor-advisory
x_refsource_HP
x_transferred
Hyperlink: http://svn.php.net/viewvc/?view=revision&revision=286360
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://svn.php.net/viewvc/php/php-src/branches/PHP_5_3/ext/standard/proc_open.c?r1=286360&r2=286359&pathrev=286360
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2009:303
Resource:
vendor-advisory
x_refsource_MANDRIVA
x_transferred
Details not found