acinclude.m4, as used in the configure script in PHP 5.5.13 and earlier, allows local users to overwrite arbitrary files via a symlink attack on the /tmp/phpglibccheck file.
index 448659f..25f3655 100644 (file)
--- a/acinclude.m4
+++ b/acinclude.m4
@@ -1711,7 +1711,7 @@ int main(int argc, char *argv[])
{
FILE *fp;
long position;
- char *filename = "/tmp/phpglibccheck";
+ char *filename = tmpnam(NULL);
fp = fopen(filename, "w");
if (fp == NULL) {
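Review bot: `tmpnam(NULL)` on the added line still leaves a window between choosing the name and the `fopen(filename, "w")` call that follows, so the create is not atomic and the open will still follow a symlink planted at that path in the meantime; the name is only harder to predict than the old fixed one. Creating the file with `mkstemp`, which opens with O_CREAT|O_EXCL, closes that window: `char filename[] = "/tmp/phpglibccheckXXXXXX";`, `int fd = mkstemp(filename);`, `fp = (fd < 0) ? NULL : fdopen(fd, "w");`. `tmpnam` can also return NULL, and that result is passed to `fopen` unchecked here. The body of `main` continues past the hunk, so any later reopen or removal of `filename` would need checking against the changed declaration, and the test program's includes (not visible here) would need the header that declares `mkstemp`.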