Red Hat Bugzilla – Bug 147811
CAN-2004-1392 php curl open_basedir bypass
Last modified: 2007-11-30 17:11:00 EST
*** This bug has been split off bug 147808 ***
------- Original comment by Josh Bressers (Security Response Team) on 2005.02.11
PHP 4.0 with cURL functions allows remote attackers to bypass the open_basedir
setting and read arbitrary files via a file: URL argument to the curl_init function.
You can verify this issue with this simple PHP example.
$ch = curl_init("file:///etc/parla");
The fix for this issue is attachment 110975
This issue should also affect FC2.
Should also affect RHEL 2.1 and 3.
Fixed in 4.3.11 update, thanks for the report:
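
An application-side guard against the file: URL case reported in this bug, as an added example that is not part of the original report, the attached fix, or the PHP update. The helper names `url_scheme_allowed` and `fetch_url` are hypothetical, and the code assumes PHP 7 or later built against a libcurl that supports CURLOPT_PROTOCOLS.

```php
<?php
// Added example: hypothetical helpers, not code from the bug report or the patch.
// Layer 1 rejects non-http(s) URLs before curl_init(); layer 2 makes libcurl
// itself refuse other protocol handlers, so the code does not rely on
// open_basedir being enforced inside the cURL extension.

function url_scheme_allowed(string $url): bool
{
    // parse_url() returns null/false when no scheme can be parsed: fail closed.
    $scheme = parse_url($url, PHP_URL_SCHEME);
    return is_string($scheme)
        && in_array(strtolower($scheme), ['http', 'https'], true);
}

function fetch_url(string $url): string
{
    if (!url_scheme_allowed($url)) {
        throw new InvalidArgumentException('URL scheme not allowed');
    }
    $ch = curl_init($url);
    if ($ch === false) {
        throw new RuntimeException('curl_init failed');
    }
    curl_setopt_array($ch, [
        CURLOPT_RETURNTRANSFER  => true,
        // Only HTTP and HTTPS handlers may be used, for the first request
        // and for any redirect target.
        CURLOPT_PROTOCOLS       => CURLPROTO_HTTP | CURLPROTO_HTTPS,
        CURLOPT_REDIR_PROTOCOLS => CURLPROTO_HTTP | CURLPROTO_HTTPS,
        CURLOPT_FOLLOWLOCATION  => false,
        CURLOPT_TIMEOUT         => 10,
    ]);
    $body = curl_exec($ch);
    if ($body === false) {
        throw new RuntimeException('curl error: ' . curl_error($ch));
    }
    return $body;
}

// Constructed inputs; the first is the URL used in the report above.
$samples = ['file:///etc/parla', 'FILE:///etc/parla', '/etc/parla', 'https://example.com/'];
foreach ($samples as $u) {
    echo (url_scheme_allowed($u) ? 'allowed:  ' : 'rejected: ') . $u . "\n";
}
```

The loop only exercises the scheme check, so it runs without network access; `fetch_url` applies the same check and then the libcurl protocol restriction.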