CVE-2006-5178

2006-10-1000:00:00

ubuntu.com

CVSS2

6.2

Attack Vector

LOCAL

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:H/Au:N/C:C/I:C/A:C

EPSS

0.001

Percentile

21.1%

JSON

Race condition in the symlink function in PHP 5.1.6 and earlier allows
local users to bypass the open_basedir restriction by using a combination
of symlink, mkdir, and unlink functions to change the file path after the
open_basedir check and before the file is opened by the underlying system,
as demonstrated by symlinking a symlink into a subdirectory, to point to a
parent directory via … (dot dot) sequences, and then unlinking the
resulting symlink.