[php-maint] Bug#354684: PHP4 in Sarge appears vulnerable to CVE-2005-3319

Nick Jenkins nickpj at gmail.com
Tue Feb 28 04:29:55 UTC 2006

Package: php4
Version: 4:4.3.10-16
Severity: normal
Tags: security


 Local Denial of Service through the use of the session.save_path option.
  The apache2handler SAPI (sapi_apache2.c) in the Apache module (mod_php)
  for PHP 5.x before 5.1.0 final and 4.4 before 4.4.1 final allows attackers
 to cause a denial of service (segmentation fault) via the session.save_path
  option in a .htaccess file or VirtualHost.

Vulnerable PHP versions:
  PHP before 4.4.1 (according to CVE)

More information about the pkg-php-maint mailing list