CVE-2004-1064

Name of the Vulnerable Software and Affected Versions: PHP versions 4.x through 4.3.9 PHP versions 5.x through 5.0.2 PHP versions prior to 4.3.10 PHP versions prior to 5.0.3

Description: The issue allows attackers to bypass safe mode in PHP due to the truncation of the file path before passing the data to the realpath function. Several vulnerabilities were discovered within PHP, including buffer overflow, information leak, path truncation, and safe mode restriction bypass vulnerabilities. These vulnerabilities affect various functions such as pack(), unpack(), and unserialize().

Recommendations: For PHP versions 4.x through 4.3.9, update to version 4.3.10 or later. For PHP versions 5.x through 5.0.2, update to version 5.0.3 or later. As a temporary workaround, consider restricting access to the realpath() function and the safe mode exec dir until a patch is available. Avoid using the pack() and unpack() functions with untrusted input until the issue is resolved. Restrict the use of the unserialize() function with untrusted data to minimize the risk of exploitation.