CVE-2007-3007 - OpenCVE

PHP 5 before 5.2.3 does not enforce the open_basedir or safe_mode restriction in certain cases, which allows context-dependent attackers to determine the existence of arbitrary files by checking if the readfile function returns a string. NOTE: this issue might also involve the realpath function.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:N/C:P/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Php	Php

Configuration 1 [-]

cpe:2.3:a:php:php:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://bugs.php.net/bug.php?id=41492
http://lists.opensuse.org/opensuse-security-announce/2007-07/msg00006.html
http://osvdb.org/36084
http://secunia.com/advisories/25456
http://secunia.com/advisories/26048
http://secunia.com/advisories/26231
http://secunia.com/advisories/27102
http://secunia.com/advisories/27110
http://www.gentoo.org/security/en/glsa/glsa-200710-02.xml
http://www.php.net/releases/5_2_3.php
http://www.securityfocus.com/bid/24259
http://www.trustix.org/errata/2007/0023/
https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00397.html

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2007-06-04T17:00:00

Updated: 2024-08-07T13:57:54.929Z

Reserved: 2007-06-04T00:00:00

Link: CVE-2007-3007

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2007-06-04T17:30:00.000

Modified: 2022-08-29T20:07:10.533

Link: CVE-2007-3007

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-05-24T00:00:00", "descriptions": [{"lang": "en", "value": "PHP 5 before 5.2.3 does not enforce the open_basedir or safe_mode restriction in certain cases, which allows context-dependent attackers to determine the existence of arbitrary files by checking if the readfile function returns a string. NOTE: this issue might also involve the realpath function."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2007-06-15T09:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "26231", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/26231"}, {"name": "27110", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/27110"}, {"name": "26048", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/26048"}, {"name": "GLSA-200710-02", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "http://www.gentoo.org/security/en/glsa/glsa-200710-02.xml"}, {"name": "FEDORA-2007-2215", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00397.html"}, {"name": "25456", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/25456"}, {"name": "2007-0023", "tags": ["vendor-advisory", "x_refsource_TRUSTIX"], "url": "http://www.trustix.org/errata/2007/0023/"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.php.net/releases/5_2_3.php"}, {"name": "24259", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/24259"}, {"name": "27102", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/27102"}, {"name": "36084", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/36084"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://bugs.php.net/bug.php?id=41492"}, {"name": "SUSE-SA:2007:044", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2007-07/msg00006.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-3007", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "PHP 5 before 5.2.3 does not enforce the open_basedir or safe_mode restriction in certain cases, which allows context-dependent attackers to determine the existence of arbitrary files by checking if the readfile function returns a string. NOTE: this issue might also involve the realpath function."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "26231", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/26231"}, {"name": "27110", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/27110"}, {"name": "26048", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/26048"}, {"name": "GLSA-200710-02", "refsource": "GENTOO", "url": "http://www.gentoo.org/security/en/glsa/glsa-200710-02.xml"}, {"name": "FEDORA-2007-2215", "refsource": "FEDORA", "url": "https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00397.html"}, {"name": "25456", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/25456"}, {"name": "2007-0023", "refsource": "TRUSTIX", "url": "http://www.trustix.org/errata/2007/0023/"}, {"name": "http://www.php.net/releases/5_2_3.php", "refsource": "CONFIRM", "url": "http://www.php.net/releases/5_2_3.php"}, {"name": "24259", "refsource": "BID", "url": "http://www.securityfocus.com/bid/24259"}, {"name": "27102", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/27102"}, {"name": "36084", "refsource": "OSVDB", "url": "http://osvdb.org/36084"}, {"name": "http://bugs.php.net/bug.php?id=41492", "refsource": "CONFIRM", "url": "http://bugs.php.net/bug.php?id=41492"}, {"name": "SUSE-SA:2007:044", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2007-07/msg00006.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T13:57:54.929Z"}, "title": "CVE Program Container", "references": [{"name": "26231", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/26231"}, {"name": "27110", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/27110"}, {"name": "26048", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/26048"}, {"name": "GLSA-200710-02", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "http://www.gentoo.org/security/en/glsa/glsa-200710-02.xml"}, {"name": "FEDORA-2007-2215", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00397.html"}, {"name": "25456", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/25456"}, {"name": "2007-0023", "tags": ["vendor-advisory", "x_refsource_TRUSTIX", "x_transferred"], "url": "http://www.trustix.org/errata/2007/0023/"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.php.net/releases/5_2_3.php"}, {"name": "24259", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/24259"}, {"name": "27102", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/27102"}, {"name": "36084", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/36084"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://bugs.php.net/bug.php?id=41492"}, {"name": "SUSE-SA:2007:044", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2007-07/msg00006.html"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-3007", "datePublished": "2007-06-04T17:00:00", "dateReserved": "2007-06-04T00:00:00", "dateUpdated": "2024-08-07T13:57:54.929Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*", "matchCriteriaId": "69E9B60B-CA92-4300-98B2-F86DFE2001DC", "versionEndExcluding": "5.2.3", "versionStartIncluding": "5.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "PHP 5 before 5.2.3 does not enforce the open_basedir or safe_mode restriction in certain cases, which allows context-dependent attackers to determine the existence of arbitrary files by checking if the readfile function returns a string. NOTE: this issue might also involve the realpath function."}, {"lang": "es", "value": "PHP versi\u00f3n 5 anterior a 5.2.3 no aplica la restricci\u00f3n open_basedir o safe_mode en ciertos casos, lo que permite a los atacantes dependiendo del contexto determinar la presencia de archivos arbitrarios mediante la comprobaci\u00f3n de si la funci\u00f3n readfile devuelve una cadena. NOTA: este problema tambi\u00e9n puede involucrar la funci\u00f3n realpath."}], "id": "CVE-2007-3007", "lastModified": "2022-08-29T20:07:10.533", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2007-06-04T17:30:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://bugs.php.net/bug.php?id=41492"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2007-07/msg00006.html"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://osvdb.org/36084"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/25456"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/26048"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/26231"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/27102"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/27110"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www.gentoo.org/security/en/glsa/glsa-200710-02.xml"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.php.net/releases/5_2_3.php"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/24259"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://www.trustix.org/errata/2007/0023/"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00397.html"}], "sourceIdentifier": "cve@mitre.org", "vendorComments": [{"comment": "We do not consider these to be security issues. For more details see http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=169857#c1\nand http://www.php.net/security-note.php\n", "lastModified": "2007-06-07T00:00:00", "organization": "Red Hat"}], "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}