[php-maint] Bug#391281: CVE-2006-4625: PHP Ini_Restore() Safe_Mode and Open_Basedir Restriction Bypass Vulnerability

Stefan Fritsch sf at sfritsch.de
Thu Oct 5 19:41:29 UTC 2006

Package: libapache2-mod-php5
Version: 5.1.6-2
Severity: important
Tags: security

This is still unfixed:

PHP 4.x up to 4.4.4 and PHP 5 up to 5.1.6 allows local users to bypass
certain Apache HTTP Server httpd.conf options, such as safe_mode and
open_basedir, via the ini_restore function, which resets the values to
their php.ini (Master Value) defaults.
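
A configuration check for the condition the report describes, added here as an example and not part of the original message or of the Debian package: it flags safe_mode and open_basedir values that are set only in httpd.conf, so that the php.ini Master Value is weaker, while ini_restore is still callable. The function names and the sample configuration are constructed for illustration; treating a `disable_functions` entry for ini_restore as a mitigation is an assumption the report does not state.

```python
import re

# Directives the report names, with PHP's built-in defaults when php.ini omits them.
DEFAULTS = {"safe_mode": "0", "open_basedir": ""}
BOOL = {"on": "1", "true": "1", "yes": "1", "off": "0", "false": "0", "no": "0"}
HTTPD_PHP = re.compile(r"^\s*php_(?:admin_)?(?:value|flag)\s+(\S+)\s+(.+?)\s*$", re.I)

def norm(value):
    """Strip quotes and fold On/Off spellings; paths stay case-sensitive."""
    value = value.strip().strip('"')
    return BOOL.get(value.lower(), value)

def parse_php_ini(text):
    """Master Values from a php.ini body (whole-line ';' comments only)."""
    values = {}
    for line in text.splitlines():
        line = line.strip()
        if line.startswith((";", "[")) or "=" not in line:
            continue
        key, val = line.split("=", 1)
        values[key.strip().lower()] = norm(val)
    return values

def parse_httpd(text):
    """Values set in httpd.conf through php_(admin_)value / php_(admin_)flag."""
    values = {}
    for line in text.splitlines():
        m = HTTPD_PHP.match(line)
        if m:
            values[m.group(1).lower()] = norm(m.group(2))
    return values

def audit(php_ini, httpd_conf):
    """Name the restrictions that ini_restore() would reset to a weaker Master Value."""
    master, local = parse_php_ini(php_ini), parse_httpd(httpd_conf)
    disabled = {f.strip().lower() for f in master.get("disable_functions", "").split(",")}
    if "ini_restore" in disabled:  # assumed mitigation: the function cannot be called
        return []
    return [name for name, default in DEFAULTS.items()
            if name in local and master.get(name, default) != local[name]]

# Constructed sample configuration, not taken from the report.
SAMPLE_INI = "[PHP]\n; constructed\nsafe_mode = Off\ndisable_functions =\n"
SAMPLE_HTTPD = ("<VirtualHost *:80>\n"
                "    php_admin_flag safe_mode On\n"
                "    php_admin_value open_basedir /var/www/site1\n"
                "</VirtualHost>\n")

if __name__ == "__main__":
    print(audit(SAMPLE_INI, SAMPLE_HTTPD))
```

An empty result means each httpd.conf restriction is either matched by the php.ini Master Value or protected by the `disable_functions` entry.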
