Multiple vulnerabilities have been identified in PHP, which could be exploited by attackers to cause a denial of service or bypass security restrictions.

The first issue is caused by an error in "tempnam()", which could be exploited to bypass "safe_mode".

The second vulnerability is caused by an error in "posix_mkfifo()", which could be exploited to bypass "open_basedir" restrictions.

The third issue is caused due to PHP not limiting the the maximum number of file uploads per-request, which could be exploited to cause a denial of service via temporary file exhaustion.

The fourth vulnerability is caused by errors related to "$_SESSION" handling and "session.save_path" checks.

The fifth issue is caused by input validation errors in the "htmlspecialchars()" function, which could be exploited to bypass restrictions and conduct cross site scripting.

Affected Products

PHP versions prior to 5.2.12

Solution

Upgrade to PHP version 5.2.12 :
http://www.php.net/downloads.php

References

http://www.vupen.com/english/advisories/2009/3593
http://www.php.net/releases/5_2_12.php

Credits

Vulnerabilities reported by Grzegorz Stachowiak, Bogdan Calin, Stefan Esser and Moriyoshi.

Changelog

2009-12-18 : Initial release

Feedback

If you have additional information or corrections for this security advisory please submit them via our contact form.