Launchpad CVE tracker

CVE 2009-3557

The tempnam function in ext/standard/file.c in PHP before 5.2.12 and 5.3.x before 5.3.1 allows context-dependent attackers to bypass safe_mode restrictions, and create files in group-writable or world-writable directories, via the dir and prefix arguments.

Related bugs and status

CVE-2009-3557 (Candidate) is related to these bugs:

Bug #239513: [SRU] stack smashing detected when calling xmlrpc_set_type

		In	Importance	Status
239513	[SRU] stack smashing detected when calling xmlrpc_set_type	php5 (Ubuntu)	Undecided	Fix Released
239513	[SRU] stack smashing detected when calling xmlrpc_set_type	php	Unknown	Unknown
239513	[SRU] stack smashing detected when calling xmlrpc_set_type	php5 (Ubuntu Hardy)	Undecided	Fix Released
239513	[SRU] stack smashing detected when calling xmlrpc_set_type	php5 (Ubuntu Intrepid)	Undecided	Fix Released
239513	[SRU] stack smashing detected when calling xmlrpc_set_type	php5 (Ubuntu Jaunty)	Undecided	Fix Released

Bug #446313: [ffe] security upgrade to php 5.2.11

Summary				In	Importance	Status
	446313	[ffe] security upgrade to php 5.2.11		php5 (Ubuntu)	Wishlist	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2009-3557

References