CVE-2005-3054

Publication date 26 September 2005

Last updated 24 July 2024

Ubuntu priority

fopen_wrappers.c in PHP 4.4.0, and possibly other versions, does not properly restrict access to other directories when the open_basedir directive includes a trailing slash, which allows PHP scripts in one directory to access files in other directories whose names are substrings of the original directory.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
php4	7.04 feisty	Not in release
	6.10 edgy	Fixed 4.4.2-1build1
	6.06 LTS dapper	Fixed 4.4.2-1build1
php5	7.04 feisty	Fixed 5.2.1-0ubuntu1.4
	6.10 edgy	Fixed 5.1.6-1ubuntu2.6
	6.06 LTS dapper	Fixed 5.1.2-1ubuntu3.9

How can I get the fixes?
What do statuses mean?

References

MITRE
NVD
Launchpad
Debian

Related Ubuntu Security Notices (USN)

USN-207-1
PHP vulnerability
17 October 2005

Other references

https://www.cve.org/CVERecord?id=CVE-2005-3054