Vulnerability Details : CVE-2009-4018

Exploit prediction scoring system (EPSS) score for CVE-2009-4018

CVSS scores for CVE-2009-4018

CWE ids for CVE-2009-4018

• CWE-264
  Assigned by: [email protected] (Primary)

Vendor statements for CVE-2009-4018

• Red Hat 2009-11-30
  We do not consider safe_mode / open_basedir restriction bypass issues being security sensitive. For more details see http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=169857#c1 and http://www.php.net/security-note.php

References for CVE-2009-4018

• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7256
• http://marc.info/?l=bugtraq&m=127680701405735&w=2
  CVEs referencing this url
• http://marc.info/?l=oss-security&m=125897935330618&w=2
  Patch
• http://svn.php.net/viewvc/php/php-src/branches/PHP_5_2/ext/standard/proc_open.c?r1=286360&r2=286359&pathrev=286360
  Patch
• http://svn.php.net/viewvc/?view=revision&revision=286360
  Patch
• http://www.openwall.com/lists/oss-security/2009/11/23/15
  Patch
• http://marc.info/?l=oss-security&m=125886770008678&w=2
  Patch
• http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02512995
  CVEs referencing this url
• http://www.securityfocus.com/bid/37138
• http://bugs.php.net/bug.php?id=49026
  Exploit;Patch
• http://svn.php.net/viewvc/php/php-src/branches/PHP_5_3/ext/standard/proc_open.c?r1=286360&r2=286359&pathrev=286360
  Patch
• http://www.php.net/ChangeLog-5.php
  CVEs referencing this url
• http://www.mandriva.com/security/advisories?name=MDVSA-2009:303
  CVEs referencing this url

Products affected by CVE-2009-4018

• PHP » PHP

  Versions up to, including, (<=) 5.2.10
  cpe:2.3:a:php:php:*:*:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 1.0
  cpe:2.3:a:php:php:1.0:*:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 2.0b10
  cpe:2.3:a:php:php:2.0b10:*:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 2.0
  cpe:2.3:a:php:php:2.0:*:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 3.0
  cpe:2.3:a:php:php:3.0:*:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 3.0.1
  cpe:2.3:a:php:php:3.0.1:*:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 3.0.10
  cpe:2.3:a:php:php:3.0.10:*:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 3.0.3
  cpe:2.3:a:php:php:3.0.3:*:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 3.0.4
  cpe:2.3:a:php:php:3.0.4:*:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 3.0.5
  cpe:2.3:a:php:php:3.0.5:*:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 3.0.6
  cpe:2.3:a:php:php:3.0.6:*:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 3.0.11
  cpe:2.3:a:php:php:3.0.11:*:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 3.0.13
  cpe:2.3:a:php:php:3.0.13:*:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 3.0.8
  cpe:2.3:a:php:php:3.0.8:*:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 3.0.12
  cpe:2.3:a:php:php:3.0.12:*:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 3.0.2
  cpe:2.3:a:php:php:3.0.2:*:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 3.0.7
  cpe:2.3:a:php:php:3.0.7:*:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 3.0.9
  cpe:2.3:a:php:php:3.0.9:*:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 4.0
  cpe:2.3:a:php:php:4.0:*:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 4.0.1
  cpe:2.3:a:php:php:4.0.1:*:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 4.0.3
  cpe:2.3:a:php:php:4.0.3:*:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 4.0.4
  cpe:2.3:a:php:php:4.0.4:*:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 4.0.5
  cpe:2.3:a:php:php:4.0.5:*:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 4.0.6
  cpe:2.3:a:php:php:4.0.6:*:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 4.1.0
  cpe:2.3:a:php:php:4.1.0:*:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 4.1.1
  cpe:2.3:a:php:php:4.1.1:*:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 4.1.2
  cpe:2.3:a:php:php:4.1.2:*:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 3.0.16
  cpe:2.3:a:php:php:3.0.16:*:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 4.0.1 Update Patch2
  cpe:2.3:a:php:php:4.0.1:patch2:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 4.0.1 Update Patch1
  cpe:2.3:a:php:php:4.0.1:patch1:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 4.0.7
  cpe:2.3:a:php:php:4.0.7:*:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 3.0.17
  cpe:2.3:a:php:php:3.0.17:*:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 3.0.18
  cpe:2.3:a:php:php:3.0.18:*:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 3.0.15
  cpe:2.3:a:php:php:3.0.15:*:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 4.0.3 Update Patch1
  cpe:2.3:a:php:php:4.0.3:patch1:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 4.0.7 Update RC3
  cpe:2.3:a:php:php:4.0.7:rc3:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 3.0.14
  cpe:2.3:a:php:php:3.0.14:*:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 4.0.2
  cpe:2.3:a:php:php:4.0.2:*:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 4.0.7 Update RC1
  cpe:2.3:a:php:php:4.0.7:rc1:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 4.0.7 Update RC2
  cpe:2.3:a:php:php:4.0.7:rc2:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 4.2.0
  cpe:2.3:a:php:php:4.2.0:*:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 4.2.1
  cpe:2.3:a:php:php:4.2.1:*:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 4.2.2
  cpe:2.3:a:php:php:4.2.2:*:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 4.2.3
  cpe:2.3:a:php:php:4.2.3:*:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 4.2 DEV Edition
  cpe:2.3:a:php:php:4.2:*:dev:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 4.0 Update Beta1
  cpe:2.3:a:php:php:4.0:beta1:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 4.0 Update Beta3
  cpe:2.3:a:php:php:4.0:beta3:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 4.0 Update Beta4
  cpe:2.3:a:php:php:4.0:beta4:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 4.0 Update RC1
  cpe:2.3:a:php:php:4.0:rc1:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 4.0 Update RC2
  cpe:2.3:a:php:php:4.0:rc2:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 4.0.4 Update Patch1
  cpe:2.3:a:php:php:4.0.4:patch1:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 4.0 Update Beta 4 Patch1
  cpe:2.3:a:php:php:4.0:beta_4_patch1:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 4.0 Update Beta2
  cpe:2.3:a:php:php:4.0:beta2:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 4.3.0
  cpe:2.3:a:php:php:4.3.0:*:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 4.3.1
  cpe:2.3:a:php:php:4.3.1:*:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 4.4.6
  cpe:2.3:a:php:php:4.4.6:*:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 4.3.2
  cpe:2.3:a:php:php:4.3.2:*:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 5.0 Update RC2
  cpe:2.3:a:php:php:5.0:rc2:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 5.0 Update RC3
  cpe:2.3:a:php:php:5.0:rc3:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 4.3.3
  cpe:2.3:a:php:php:4.3.3:*:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 4.3.5
  cpe:2.3:a:php:php:4.3.5:*:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 4.3.6
  cpe:2.3:a:php:php:4.3.6:*:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 4.3.7
  cpe:2.3:a:php:php:4.3.7:*:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 5.0 Update RC1
  cpe:2.3:a:php:php:5.0:rc1:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 4.3.8
  cpe:2.3:a:php:php:4.3.8:*:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 4.3.4
  cpe:2.3:a:php:php:4.3.4:*:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 5.0.1
  cpe:2.3:a:php:php:5.0.1:*:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 5.0.2
  cpe:2.3:a:php:php:5.0.2:*:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 4.3.9
  cpe:2.3:a:php:php:4.3.9:*:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 5.0.0
  cpe:2.3:a:php:php:5.0.0:*:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 4.3.10
  cpe:2.3:a:php:php:4.3.10:*:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 5.0.3
  cpe:2.3:a:php:php:5.0.3:*:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 4.4.0
  cpe:2.3:a:php:php:4.4.0:*:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 4.0.0
  cpe:2.3:a:php:php:4.0.0:*:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 4.3.11
  cpe:2.3:a:php:php:4.3.11:*:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 5.0.4
  cpe:2.3:a:php:php:5.0.4:*:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 5.0.5
  cpe:2.3:a:php:php:5.0.5:*:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 5.0.0 Update Beta1
  cpe:2.3:a:php:php:5.0.0:beta1:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 5.0.0 Update Beta4
  cpe:2.3:a:php:php:5.0.0:beta4:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 5.0.0 Update RC1
  cpe:2.3:a:php:php:5.0.0:rc1:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 5.0.0 Update Beta2
  cpe:2.3:a:php:php:5.0.0:beta2:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 5.0.0 Update Beta3
  cpe:2.3:a:php:php:5.0.0:beta3:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 5.0.0 Update RC2
  cpe:2.3:a:php:php:5.0.0:rc2:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 5.0.0 Update RC3
  cpe:2.3:a:php:php:5.0.0:rc3:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 4.4.1
  cpe:2.3:a:php:php:4.4.1:*:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 4.4.2
  cpe:2.3:a:php:php:4.4.2:*:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 5.1.0
  cpe:2.3:a:php:php:5.1.0:*:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 5.1.1
  cpe:2.3:a:php:php:5.1.1:*:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 5.1.2
  cpe:2.3:a:php:php:5.1.2:*:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 5.1.3
  cpe:2.3:a:php:php:5.1.3:*:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 5.1.4
  cpe:2.3:a:php:php:5.1.4:*:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 4.4.3
  cpe:2.3:a:php:php:4.4.3:*:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 5.1.6
  cpe:2.3:a:php:php:5.1.6:*:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 5.1.5
  cpe:2.3:a:php:php:5.1.5:*:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 4.4.4
  cpe:2.3:a:php:php:4.4.4:*:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 5.2.0
  cpe:2.3:a:php:php:5.2.0:*:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 5.3.0
  cpe:2.3:a:php:php:5.3.0:*:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 4.4.9
  cpe:2.3:a:php:php:4.4.9:*:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 5.2.8
  cpe:2.3:a:php:php:5.2.8:*:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 4.4.7
  cpe:2.3:a:php:php:4.4.7:*:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 4.4.8
  cpe:2.3:a:php:php:4.4.8:*:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 5.2.9
  cpe:2.3:a:php:php:5.2.9:*:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 5.2.4
  cpe:2.3:a:php:php:5.2.4:*:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 5.2.6
  cpe:2.3:a:php:php:5.2.6:*:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 5.2.7
  cpe:2.3:a:php:php:5.2.7:*:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 4.4.5
  cpe:2.3:a:php:php:4.4.5:*:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 5.2.2
  cpe:2.3:a:php:php:5.2.2:*:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 4.0.7 Update RC4
  cpe:2.3:a:php:php:4.0.7:rc4:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 5
  cpe:2.3:a:php:php:5:*:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 4
  cpe:2.3:a:php:php:4:*:*:*:*:*:*:*

  Matching versions