CVE-2006-5178: CVE-2006-5178

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2006-5178

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Description

Race condition in the symlink function in PHP 5.1.6 and earlier allows local users to bypass the open_basedir restriction by using a combination of symlink, mkdir, and unlink functions to change the file path after the open_basedir check and before the file is opened by the underlying system, as demonstrated by symlinking a symlink into a subdirectory, to point to a parent directory via .. (dot dot) sequences, and then unlinking the resulting symlink.

Source: NVD (National Vulnerability Database)

CVSS Information

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Type

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Title

PHP符号链接绕过open_basedir功能安全限制漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

PHP是广泛使用的通用目的脚本语言，特别适合于Web开发，可嵌入到HTML中。 PHP在检查和处理文件访问路径时存在漏洞，本地攻击者可能利用此漏洞非授权访问文件。 PHP的open_basedir功能可以禁止脚本访问所配置的基础目录以外的文件。这个检查是在处理文件的PHP函数在实际的打开调用发生之前执行的。在检查和实际打开调用之间有一个时间差，而攻击者可以利用这个时间差更改所检查的路径，指向open_basedir限制所禁止访问的文件。尽管很难利用这个时间差更改路径，但攻击者可以使用symlink()函

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
-	n/a	n/a	-

II. Public POCs for CVE-2006-5178

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2006-5178

Please Login to view more intelligence information

http://www.hardened-php.net/advisory_082006.132.htmlx_refsource_MISC
http://www.neosecurityteam.net/index.php?action=advisories&id=26x_refsource_MISC
http://securityreason.com/securityalert/1692third-party-advisoryx_refsource_SREASON
http://www.securityfocus.com/bid/20326vdb-entryx_refsource_BID
http://secunia.com/advisories/22424third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/22235third-party-advisoryx_refsource_SECUNIA
http://securitytracker.com/id?1016977vdb-entryx_refsource_SECTRACK
http://www.turbolinux.com/security/2006/TLSA-2006-38.txtvendor-advisoryx_refsource_TURBO
http://www.vupen.com/english/advisories/2006/3901vdb-entryx_refsource_VUPEN
http://www.securityfocus.com/archive/1/448953/100/0/threadedvendor-advisoryx_refsource_OPENPKG
https://exchange.xforce.ibmcloud.com/vulnerabilities/29340vdb-entryx_refsource_XF
http://www.securityfocus.com/archive/1/447649/100/0/threadedmailing-listx_refsource_BUGTRAQ
http://lists.grok.org.uk/pipermail/full-disclosure/2006-October/049850.htmlmailing-listx_refsource_FULLDISC
http://www.securityfocus.com/archive/1/448020/100/0/threadedmailing-listx_refsource_BUGTRAQ
https://nvd.nist.gov/vuln/detail/CVE-2006-5178

IV. Related Vulnerabilities

Same product: n/a

Same vendor: n/a

V. Comments for CVE-2006-5178

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

I. Basic Information for CVE-2006-5178

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2006-5178

III. Intelligence Information for CVE-2006-5178

IV. Related Vulnerabilities

V. Comments for CVE-2006-5178

Leave a comment