====================================================
Subject: PHP4 cURL functions bypass open_basedir
Author: frame at kernelpanik.org
Product: PHP4 compiled with cURL (not tested in PHP5)
Vendor: PHP/Zend
Vendor URL: www.php.net
Type: Local
Risk: Low/Medium
=====================================================

PHP cURL functions bypass the open_basedir protection, so users can navigate through the filesystem. For example, with "open_basedir" set in php.ini to "/var/www/html", anybody can retrieve "/etc/parla" using cURL functions.

== Proof of concept (curl.php) ==

== Demo ==

$ cat /etc/parla
don't read please!

$ links -dump http://localhost/curltest/curl.php
don't read please!

== Release Timeline ==

No release timeline.

--
FraMe
http://www.kernelpanik.org
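A mitigation for the bypass described in the advisory, added here as an example and not part of the advisory or of PHP itself: a wrapper that applies the open_basedir-style check that cURL skips before the URL is handed to libcurl. The function names are hypothetical, and the CURLOPT_PROTOCOLS option is assumed to be available (PHP 5.2.10 or later with libcurl 7.19.4 or later); on older builds only the PHP-side check applies.

```php
<?php
// Added example, not from the advisory: enforce open_basedir-style checks
// in PHP before the URL ever reaches libcurl, which performs none itself.
// Function names are hypothetical; CURLOPT_PROTOCOLS needs PHP >= 5.2.10.

function path_is_under_basedir($path) {
    $basedirs = ini_get('open_basedir');
    if ($basedirs === false || $basedirs === '') {
        return true; // no restriction configured
    }
    // realpath() resolves symlinks, so a link inside the basedir that
    // points outside it is denied as well.
    $real = realpath(rawurldecode($path));
    if ($real === false) {
        return false; // unresolvable path: deny rather than guess
    }
    // Match on a directory boundary, which is stricter than PHP's own
    // prefix match ("/var/www" must not admit "/var/wwwx").
    foreach (explode(PATH_SEPARATOR, $basedirs) as $dir) {
        $realDir = realpath($dir);
        if ($realDir !== false &&
            strpos($real . '/', rtrim($realDir, '/') . '/') === 0) {
            return true;
        }
    }
    return false;
}

function safe_curl_fetch($url) {
    $parts = parse_url($url);
    $scheme = isset($parts['scheme']) ? strtolower($parts['scheme']) : '';
    if ($scheme === 'file') {
        // The scheme the advisory abuses: apply the check fopen() would get.
        $path = isset($parts['path']) ? $parts['path'] : '';
        if (!path_is_under_basedir($path)) {
            return false;
        }
    } elseif ($scheme !== 'http' && $scheme !== 'https') {
        return false; // refuse ftp, gopher, dict and everything else
    }
    $ch = curl_init($url);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
    // Redirects are not followed (CURLOPT_FOLLOWLOCATION stays off), so a
    // remote server cannot redirect an http:// request to file://.
    if (defined('CURLOPT_PROTOCOLS')) {
        curl_setopt($ch, CURLOPT_PROTOCOLS,
                    CURLPROTO_HTTP | CURLPROTO_HTTPS | CURLPROTO_FILE);
    }
    $body = curl_exec($ch);
    curl_close($ch);
    return $body;
}
```

With open_basedir set to "/var/www/html" as in the advisory, safe_curl_fetch("file:///etc/parla") returns false instead of the file contents, while http:// and https:// URLs are fetched as before.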