PT-2013-12: open_basedir bypass in PHP
Version: 5.4.12/5.3.22 and earlier
Severity level: High
Impact: open_basedir bypass
Access Vector: Remote
Base Score: 7.5
PHP is a widely-used general-purpose scripting language that is especially suited for Web development and can be embedded into HTML.
The specialists of Positive Technologies have detected bypass of the configuration directive "open_basedir" in PHP.
The vulnerability was detected in the PHP's built-in SoapClient class. PHP does not validate the configration directive "soap.wsdl_cache_dir" before writing SOAP wsdl cache files to the filesystem. Thus an attacker is able to write remote wsdl files to arbitrary locations.
How to fix
Update your software up to the latest version.
07.02.2013 - Vendor gets vulnerability details
14.03.2013 - Vendor releases fixed version and details
19.03.2013 - Public disclosure
The vulnerability was discovered by Arseniy Reutov, Positive Research Center (Positive Technologies Company)
Reports on the vulnerabilities previously discovered by Positive Research: