Bug #38804 bypass php_admin_value configuration
Submitted: 2006-09-13 11:02 UTC
Modified: 2006-09-13 11:50 UTC
From: youza at post dot cz
Assigned:
Status: Closed
Package: Safe Mode/open_basedir
PHP Version: 4.4.4
OS: Linux Fedora FC4
Private report: No
CVE-ID:
 [2006-09-13 11:02 UTC] youza at post dot cz
Description:
------------
http://securityreason.com/achievement_securityalert/42
http://www.securityfocus.com/archive/1/445651/30/30/threaded

[PHP 5.1.6 / 4.4.4 Critical php_admin* bypass by ini_restore()]
Author: Maksymilian Arciemowicz (cXIb8O3)

Date:
- Written: 05.09.2006
- Public: 09.09.2006

SecurityAlert Id: 42
CVE: CVE-2006-4625
SecurityRisk: High
Affected Software: PHP 5.1.6 / 4.4.4 < = x
Advisory URL: http://securityreason.com/achievement_securityalert/42



 [2006-09-13 11:07 UTC] tony2001@php.net
Fixed in CVS a week ago.
 [2006-09-13 11:41 UTC] youza at post dot cz
Hmm, I can't find this, and the NEWS file doesn't mention it.
NEWS file from (http://snaps.php.net/)
php4 (tar.gz) (5.3M)  Built On: Sep 13, 2006 10:30 

?? ??? 2006, Version 4.4.5
- Updated PCRE to version 6.7. (Ilia)
- Fixed bug #38534 (segfault when calling setlocale() in userspace session
  handler). (Tony)
- Fixed bug #38450 (constructor is not called for classes used in userspace
  stream wrappers). (Tony)
- Fixed bug #38378 (wddx_serialize_value() generates no wellformed xml). 
  (sj at sjaensch dot org, grzegorz dot nosek at netart dot pl, Tony).
- Fixed bug #37812 (aggregate_methods_by_list fails to take certain methods).
  (Hannes)
 