CVE-2006-2660

Name of the Vulnerable Software and Affected Versions PHP versions 4.x through 4.4.2 PHP version 5.1.4

Description A buffer consumption issue in the tempnam function allows local users to bypass restrictions and create PHP files with fixed names in other directories. This is achieved by providing a pathname argument longer than MAXPATHLEN, preventing a unique string from being appended to the filename.

Recommendations For PHP versions 4.x through 4.4.2, update to version 4.4.3 or later to resolve the issue. For PHP version 5.1.4, update to a newer version that includes the fix for this issue. As a temporary workaround, consider restricting the use of the tempnam function until a patch is available.