[php-maint] Bug#354681: PHP4 in Sarge appears vulnerable to CVE-2005-3392

Nick Jenkins nickpj at gmail.com
Tue Feb 28 04:27:44 UTC 2006

Package: php4
Version: 4:4.3.10-16
Severity: normal
Tags: security


 An issue with calling virtual() on Apache 2, allowing to bypass safe_mode and
 open_basedir restrictions.
 Unspecified vulnerability in PHP before 4.4.1, when using the virtual function
 on Apache 2, allows remote attackers to bypass safe_mode and
open_basedir directives.

Vulnerable PHP versions:
  PHP before 4.4.1 (according to CVE)

More information about the pkg-php-maint mailing list