[php-maint] Bug#453295: three more CVEs

Steffen Joeris steffen.joeris at skolelinux.de
Wed Nov 28 12:16:35 UTC 2007


There were three more CVEs[0][1][2] issued for php5.


PHP before 5.2.5 allows local users to bypass protection mechanisms configured 
through php_admin_value or php_admin_flag in httpd.conf by using ini_set to 
modify arbitrary configuration variables, a different issue than 


The (1) htmlentities and (2) htmlspecialchars functions in PHP before 5.2.5 
accept partial multibyte sequences, which has unknown impact and attack 
vectors, a different issue than CVE-2006-5465. 


The output_add_rewrite_var function in PHP before 5.2.5 rewrites local forms 
in which the ACTION attribute references a non-local URL, which allows remote 
attackers to obtain potentially sensitive information by reading the requests 
for this URL, as demonstrated by a rewritten form containing a local session 


[0]: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5900

[1]: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5898

[2]: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5899
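The third issue listed above comes down to a missing locality check before a rewrite variable is added to a form. The following PHP is an added example, not code from the original message or from PHP itself: it appends a hidden rewrite variable only to forms whose ACTION stays on the local host. The function names, the host `www.example.org`, the variable name `sid` and the sample page are all constructed for illustration.

```php
<?php
// Added illustration; every name below is hypothetical, not PHP's own rewriter.

// True when a form ACTION stays on $localHost: empty, relative, or same host.
function action_is_local(string $action, string $localHost): bool
{
    $action = trim(html_entity_decode($action, ENT_QUOTES));
    if ($action === '') {
        return true;                    // empty ACTION posts back to the current page
    }
    // Browsers treat "\" like "/" in URLs, so normalise before parsing.
    $parts = parse_url(str_replace('\\', '/', $action));
    if ($parts === false) {
        return false;                   // unparseable URL: fail closed
    }
    if (isset($parts['host'])) {
        return strcasecmp($parts['host'], $localHost) === 0;
    }
    // No host: only a scheme-less path or query is local (rejects mailto: etc.).
    return !isset($parts['scheme']);
}

// Append a hidden field to each <form> tag, but only when its ACTION is local.
function add_rewrite_var(string $html, string $name, string $value, string $localHost): string
{
    $field = sprintf(
        '<input type="hidden" name="%s" value="%s" />',
        htmlspecialchars($name, ENT_QUOTES, 'UTF-8'),
        htmlspecialchars($value, ENT_QUOTES, 'UTF-8')
    );
    return preg_replace_callback(
        '/<form\b[^>]*>/i',
        function (array $m) use ($field, $localHost): string {
            $action = '';
            // Branch reset (?|...) puts the quoted or unquoted value in group 1.
            if (preg_match('/\saction\s*=\s*(?|"([^"]*)"|\'([^\']*)\'|([^\s>]+))/i', $m[0], $a)) {
                $action = $a[1];
            }
            return action_is_local($action, $localHost) ? $m[0] . $field : $m[0];
        },
        $html
    );
}

// Constructed sample page: one local form, one posting to another site.
$page = '<form action="/login.php"><input name="u"></form>'
      . '<form action="http://other.example/collect"><input name="q"></form>';
echo add_rewrite_var($page, 'sid', 'constructed-value', 'www.example.org'), "\n";
```

Only the first form in the sample receives the hidden field; the form posting to `other.example` is left untouched, so the value never appears in a request to that host.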