Miggo Logo
Miggo Vulnerability Database
CVE-2009-5054

CVE-2009-5054: Smarty Does Not Consider Umask Values When Setting Permissions

N/A

CVSS Score

Basic Information

CVE ID
CVE-2009-5054
GHSA ID
GHSA-6m9f-8vwq-97pm
EPSS Score
0.23784%
CWE
CWE-281
Published
5/2/2022
Updated
2/8/2024
KEV Status
No
Technology
TechnologyPHP

Technical Details

CVSS Vector
-
Package NameEcosystemVulnerable VersionsFirst Patched Version
smarty/smartycomposer< 3.0.0-beta43.0.0-beta4

Vulnerability Intelligence
Miggo AIMiggo AI

Miggo AIRoot Cause Analysis

The vulnerability stems from Smarty's file creation process not accounting for the system umask. The writeFile function is responsible for writing template cache/compile files and historically used hardcoded 0666 permissions. Since PHP's chmod() operates in absolute mode (overriding umask), this would leave files with permissions of (0666 & ~umask) instead of properly restricting them via (default_permissions & umask). The patched version would subtract the umask from the desired permissions, which aligns with the vulnerability description and CWE-281's improper permission preservation context.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

Sm*rty ***or* *.*.* **t* * *o*s not *onsi**r t** um*sk v*lu* w**n s*ttin* t** p*rmissions o* *il*s, w*i** mi**t *llow *tt**k*rs to *yp*ss int*n*** ****ss r*stri*tions vi* st*n**r* *il*syst*m op*r*tions.

Reasoning

T** vuln*r**ility st*ms *rom Sm*rty's *il* *r**tion pro**ss not ***ountin* *or t** syst*m um*sk. T** writ**il* *un*tion is r*sponsi*l* *or writin* t*mpl*t* *****/*ompil* *il*s *n* *istori**lly us** **r**o*** **** p*rmissions. Sin** P*P's **mo*() op*r