[N]eo [S]ecurity [T]eam [NST] - Advisory #26 - 09/10/06: PHP open_basedir with symlink() function Race Condition PoC exploit
3d6c97cd14685b745e27d10b816d854d072ba35a54e70ed6389a075424b9ec70
Hardened-PHP Project Security Advisory - PHP's open_basedir feature is meant to prevent scripts from accessing files outside a set of configured base directories. The checks for this are placed within PHP functions dealing with files, before the actual open call is performed. Obviously there is a short span of time between the check and the actual open call. During this time span the checked path could be altered to point to a file that open_basedir restrictions forbid access to. PHP versions 4 and 5 are affected by this.
30b69580586034b39009158f223a863097c8ed27da275370e8a21b78400ad543