[php-maint] Bug#391282: CVE-2006-4625: PHP Ini_Restore() Safe_Mode and Open_Basedir Restriction Bypass Vulnerability

Stefan Fritsch sf at sfritsch.de
Thu Oct 5 19:43:46 UTC 2006


Package: libapache2-mod-php4
Severity: important
Tags: security



This is still unfixed:

PHP 4.x up to 4.4.4 and PHP 5 up to 5.1.6 allows local users to bypass
certain Apache HTTP Server httpd.conf options, such as safe_mode and
open_basedir, via the ini_restore function, which resets the values to
their php.ini (Master Value) defaults.
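An added example, not part of the original report: a small audit that flags `safe_mode` / `open_basedir` values set in httpd.conf that differ from the php.ini master value, since those are the settings `ini_restore` would revert. It assumes the overrides are set with `php_admin_value` / `php_admin_flag` and treats `ini_restore` listed in php.ini's `disable_functions` as blocking the call; the function names and sample configuration are constructed for illustration.

```python
import re

WATCHED = {"safe_mode", "open_basedir"}  # the two options the report names
FLAGS = {"on": "1", "yes": "1", "true": "1", "1": "1",
         "off": "", "no": "", "false": "", "0": "", "none": ""}

def parse_php_ini(text):
    """Return {directive: value} from php.ini text; the last assignment wins."""
    values = {}
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()  # simplification: ';' always starts a comment
        if "=" in line:
            key, val = line.split("=", 1)
            values[key.strip().lower()] = val.strip().strip('"')
    return values

def parse_httpd_overrides(text):
    """Return [(directive, value)] set via php_admin_value / php_admin_flag."""
    pat = re.compile(r'^[ \t]*php_admin_(?:value|flag)[ \t]+(\S+)[ \t]+"?([^"\n]*?)"?[ \t]*$',
                     re.I | re.M)
    return [(m.group(1).lower(), m.group(2)) for m in pat.finditer(text)]

def norm(value):
    """Fold boolean spellings together; leave path values untouched."""
    v = (value or "").strip()
    return FLAGS.get(v.lower(), v)

def audit(php_ini_text, httpd_conf_text):
    """List (directive, httpd.conf value, php.ini master value) that ini_restore could revert."""
    ini = parse_php_ini(php_ini_text)
    disabled = {f.strip().lower() for f in ini.get("disable_functions", "").split(",")}
    if "ini_restore" in disabled:
        return []  # assumption: a disabled function cannot be called by scripts
    return [(name, value, ini.get(name, ""))
            for name, value in parse_httpd_overrides(httpd_conf_text)
            if name in WATCHED and norm(value) != norm(ini.get(name))]

# Constructed sample configuration, not taken from the report.
SAMPLE_PHP_INI = """
safe_mode = Off
open_basedir =
disable_functions =
"""
SAMPLE_HTTPD_CONF = """
<VirtualHost *:80>
    php_admin_flag safe_mode On
    php_admin_value open_basedir "/srv/www/site1:/tmp"
</VirtualHost>
"""
```

Calling `audit(SAMPLE_PHP_INI, SAMPLE_HTTPD_CONF)` reports both directives; it returns an empty list once php.ini carries the same restrictions or lists `ini_restore` in `disable_functions`.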



