CVE ID:	CVE-2009-4018
Description:	The proc_open function in ext/standard/proc_open.c in PHP before 5.2.11 and 5.3.x before 5.3.1 does not enforce the (1) safe_mode_allowed_env_vars and (2) safe_mode_protected_env_vars directives, which allows context-dependent attackers to execute programs with an arbitrary environment via the env parameter, as demonstrated by a crafted value of the LD_LIBRARY_PATH environment variable.
Test IDs:	None available
Cross References:	Common Vulnerability Exposure (CVE) ID: CVE-2009-4018 http://marc.info/?l=oss-security&m=125886770008678&w=2 http://marc.info/?l=oss-security&m=125897935330618&w=2 http://www.openwall.com/lists/oss-security/2009/11/23/15 HPdes Security Advisory: HPSBUX02543 http://marc.info/?l=bugtraq&m=127680701405735&w=2 HPdes Security Advisory: SSRT100152 http://marc.info/?l=bugtraq&m=127680701405735&w=2 HPdes Security Advisory: HPSBMA02568 http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02512995 HPdes Security Advisory: SSRT100219 http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02512995 http://www.mandriva.com/security/advisories?name=MDVSA-2009:303 BugTraq ID: 37138 http://www.securityfocus.com/bid/37138 http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:7256 http://secunia.com/advisories/40262 http://secunia.com/advisories/41480 http://secunia.com/advisories/41490

New User Registration Email: UserID: Passwd: Please email me your monthly newsletters, informing the latest services, improvements & surveys. Please email me a vulnerability test announcement whenever a new test is added.     Privacy

Registered User Login   UserID:     Passwd:     Forgot userid or passwd? Email/Userid: