- Add a note to php-posix entry, that

safe_mode is considred to be insecure by FreeBSD Security Team. - Add <code> blocks around function names. Suggested by: simon
svn path=/head/; revision=215533
2024-11-27 00:57:50 +00:00 · 2008-06-22 18:21:32 +00:00 · 2008-06-22 18:21:32 +00:00 · aafe20bfda · 2021-03-31 03:12:20 +00:00
commit aafe20bfda
parent 42c3db6e9d
1 changed files with 8 additions and 3 deletions
--- a/security/vuxml/vuln.xml
+++ b/security/vuxml/vuln.xml
@ -46,11 +46,15 @@ Note:  Please add new entries to the beginning of this file.
      <body xmlns="http://www.w3.org/1999/xhtml">
 	<p>According to Maksymilian Arciemowicz research,
 	  it is possible to bypass security restrictions
-	  of safe_mode in posix_access() function via
+	  of safe_mode in <code>posix_access()</code> function via
 	  directory traversal vulnerability. The attacker
 	  can use this attack to gain access to sensitive
-	  information. Other functions utilizing expand_filepath()
-	  may be affected.</p>
+	  information. Other functions utilizing
+	  <code>expand_filepath()</code> may be affected.</p>
+	<p>It should be noted that this vulnerability is not
+	  considered to be serious by the FreeBSD Security Team,
+	  since <code>safe_mode</code> and <code>open_basedir</code>
+	  are insecure by design and should not be relied upon.</p>
      </body>
    </description>
    <references>
@ -61,6 +65,7 @@ Note:  Please add new entries to the beginning of this file.
    <dates>
      <discovery>2008-06-17</discovery>
      <entry>2008-06-22</entry>
+      <modified>2008-06-22</modified>
    </dates>
  </vuln>