CVE-2006-5178
published 2006-10-10CVE-2006-5178: Race condition in the symlink function in PHP 5.1.6 and earlier allows local users to bypass the open_basedir restriction by using a combination of symlink…
PriorityP423medium6.2CVSS 2.0
AVLACHAuNCCICAC
EXPLOIT
EPSS
0.64%
45.9th percentile
Race condition in the symlink function in PHP 5.1.6 and earlier allows local users to bypass the open_basedir restriction by using a combination of symlink, mkdir, and unlink functions to change the file path after the open_basedir check and before the file is opened by the underlying system, as demonstrated by symlinking a symlink into a subdirectory, to point to a parent directory via .. (dot dot) sequences, and then unlinking the resulting symlink.
Affected
47 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| php | php | <= 5.1.6 | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
CVSS provenance
nvdv2.06.2MEDIUMAV:L/AC:H/Au:N/C:C/I:C/A:C
vendor_redhat6.2MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Red Hat
CVE-2006-5178: Race condition in the symlink function in PHP 5
vendor_redhat·CVSS 6.2
CVE-2006-5178 [MEDIUM] CVE-2006-5178: Race condition in the symlink function in PHP 5
Race condition in the symlink function in PHP 5.1.6 and earlier allows local users to bypass the open_basedir restriction by using a combination of symlink, mkdir, and unlink functions to change the file path after the open_basedir check and before the file is opened by the underlying system, as demonstrated by symlinking a symlink into a subdirectory, to point to a parent directory via .. (dot dot) sequences, and then unlinking the resulting symlink.
Statement: We do not consider these to be security issues. For more details see http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=169857#c1 and http://www.php.net/security-note.php
GHSA
GHSA-qq66-666f-6x36: Race condition in the symlink function in PHP 5
ghsa_unreviewed·2022-05-01
CVE-2006-5178 [MEDIUM] CWE-362 GHSA-qq66-666f-6x36: Race condition in the symlink function in PHP 5
Race condition in the symlink function in PHP 5.1.6 and earlier allows local users to bypass the open_basedir restriction by using a combination of symlink, mkdir, and unlink functions to change the file path after the open_basedir check and before the file is opened by the underlying system, as demonstrated by symlinking a symlink into a subdirectory, to point to a parent directory via .. (dot dot) sequences, and then unlinking the resulting symlink.
No detection rules found.
No writeups or analysis indexed.
http://lists.grok.org.uk/pipermail/full-disclosure/2006-October/049850.htmlhttp://secunia.com/advisories/22235http://secunia.com/advisories/22424http://securityreason.com/securityalert/1692http://securitytracker.com/id?1016977http://www.hardened-php.net/advisory_082006.132.htmlhttp://www.mandriva.com/security/advisories?name=MDKSA-2006:185http://www.neosecurityteam.net/index.php?action=advisories&id=26http://www.securityfocus.com/archive/1/447649/100/0/threadedhttp://www.securityfocus.com/archive/1/448020/100/0/threadedhttp://www.securityfocus.com/archive/1/448953/100/0/threadedhttp://www.securityfocus.com/bid/20326http://www.turbolinux.com/security/2006/TLSA-2006-38.txthttp://www.vupen.com/english/advisories/2006/3901https://exchange.xforce.ibmcloud.com/vulnerabilities/29340http://lists.grok.org.uk/pipermail/full-disclosure/2006-October/049850.htmlhttp://secunia.com/advisories/22235http://secunia.com/advisories/22424http://securityreason.com/securityalert/1692http://securitytracker.com/id?1016977http://www.hardened-php.net/advisory_082006.132.htmlhttp://www.mandriva.com/security/advisories?name=MDKSA-2006:185http://www.neosecurityteam.net/index.php?action=advisories&id=26http://www.securityfocus.com/archive/1/447649/100/0/threadedhttp://www.securityfocus.com/archive/1/448020/100/0/threadedhttp://www.securityfocus.com/archive/1/448953/100/0/threadedhttp://www.securityfocus.com/bid/20326http://www.turbolinux.com/security/2006/TLSA-2006-38.txthttp://www.vupen.com/english/advisories/2006/3901https://exchange.xforce.ibmcloud.com/vulnerabilities/29340
2006-10-10
Published