CVE-2012-1171

NameCVE-2012-1171
DescriptionThe libxml RSHUTDOWN function in PHP 5.x allows remote attackers to bypass the open_basedir protection mechanism and read arbitrary files via vectors involving a stream_close method call during use of a custom stream wrapper.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
NVD severitymedium (attack range: remote)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
php5 (PTS)jessie5.6.33+dfsg-0+deb8u1vulnerable
jessie (security)5.6.37+dfsg-0+deb8u1vulnerable

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
php5source(unstable)(unfixed)unimportant

Notes

according to php's security statement, safemode bypass issues are not treated as security-relevant

Search for package or bug name: Reporting problems