Permissions, Privileges, and Access Controls in php (Alpine package)

1) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU32704

Risk: Medium

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2013-1635

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

ext/soap/soap.c in PHP before 5.3.22 and 5.4.x before 5.4.13 does not validate the relationship between the soap.wsdl_cache_dir directive and the open_basedir directive, which allows remote attackers to bypass intended access restrictions by triggering the creation of cached SOAP WSDL files in an arbitrary directory.

Mitigation

Install update from vendor's website.

Vulnerable software versions

php (Alpine package): 5.3.3-r0 - 5.3.18-r0

CPE2.3

• cpe:2.3:o:alpine:php_alpine_package:5.3.3-r0:*:*:*:*:alpine_linux:*:1.10
• cpe:2.3:o:alpine:php_alpine_package:5.3.3-r2:*:*:*:*:alpine_linux:*:1.10
• cpe:2.3:o:alpine:php_alpine_package:5.3.3-r3:*:*:*:*:alpine_linux:*:1.10

External links

https://git.alpinelinux.org/aports/commit/?id=0b87ff7e2a869d1cf5d50c94b58397b7f4742096
https://git.alpinelinux.org/aports/commit/?id=f5b55e3ab4dd0db33562854107a7393e8e75db6d
https://git.alpinelinux.org/aports/commit/?id=27fdd4129d481f98cce20bd6a6b5053497780a5c
https://git.alpinelinux.org/aports/commit/?id=655b4d53843b6c3fd82effb4f81fdf08a1bf7fc1

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.