php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #38804 bypass php_admin_value configuration
Submitted: 2006-09-13 11:02 UTC Modified: 2006-09-13 11:50 UTC
From: youza at post dot cz Assigned:
Status: Closed Package: Safe Mode/open_basedir
PHP Version: 4.4.4 OS: Linux Fedora FC4
Private report: No CVE-ID: None
View Developer Edit
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: youza at post dot cz
New email:
PHP Version: OS:

 

 [2006-09-13 11:02 UTC] youza at post dot cz 
Description:
------------
http://securityreason.com/achievement_securityalert/42
http://www.securityfocus.com/archive/1/445651/30/30/threaded

[PHP 5.1.6 / 4.4.4 Critical php_admin* bypass by ini_restore()]
Author: Maksymilian Arciemowicz (cXIb8O3)

Date:
- - Written: 05.09.2006
- - Public: 09.09.2006

SecurityAlert Id: 42
CVE: CVE-2006-4625
SecurityRisk: High
Affected Software: PHP 5.1.6 / 4.4.4 < = x
Advisory URL: http://securityreason.com/achievement_securityalert/42

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2006-09-13 11:07 UTC] tony2001@php.net 
Fixed in CVS a week ago.
 [2006-09-13 11:41 UTC] youza at post dot cz 
Hmm,  i not find this  - and News file doesnt it.
Nefs file from (http://snaps.php.net/)
php4 (tar.gz) (5.3M)  Built On: Sep 13, 2006 10:30 

?? ??? 2006, Version 4.4.5
- Updated PCRE to version 6.7. (Ilia)
- Fixed bug #38534 (segfault when calling setlocale() in userspace session
  handler). (Tony)
- Fixed bug #38450 (constructor is not called for classes used in userspace
  stream wrappers). (Tony)
- Fixed bug #38378 (wddx_serialize_value() generates no wellformed xml). 
  (sj at sjaensch dot org, grzegorz dot nosek at netart dot pl, Tony).
- Fixed bug #37812 (aggregate_methods_by_list fails to take certain methods).
  (Hannes)
 [2006-09-13 11:50 UTC] tony2001@php.net 
http://news.php.net/php.zend-engine.cvs/5230
 
PHP Copyright © 2001-2025 The PHP Group
All rights reserved. 		Last updated: Sat Apr 26 21:01:27 2025 UTC