Debian Bug report logs -
#391281
CVE-2006-4625: PHP Ini_Restore() Safe_Mode and Open_Basedir Restriction Bypass Vulnerability
Reported by: Stefan Fritsch <sf@sfritsch.de>
Date: Thu, 5 Oct 2006 19:49:04 UTC
Severity: important
Tags: security
Found in version php5/5.1.6-2
Fixed in version 5.2.0-1
Done: sean finney <seanius@debian.org>
Bug is archived. No further changes may be made.
Toggle useless messages
Report forwarded to debian-bugs-dist@lists.debian.org, Debian Security Team <team@security.debian.org>, Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>:
Bug#391281; Package libapache2-mod-php5.
(full text, mbox, link).
Acknowledgement sent to Stefan Fritsch <sf@sfritsch.de>:
New Bug report received and forwarded. Copy sent to Debian Security Team <team@security.debian.org>, Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>.
(full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
Package: libapache2-mod-php5
Version: 5.1.6-2
Severity: important
Tags: security
This is still unfixed:
PHP 4.x up to 4.4.4 and PHP 5 up to 5.1.6 allows local users to bypass
certain Apache HTTP Server httpd.conf options, such as safe_mode and
open_basedir, via the ini_restore function, which resets the values to
their php.ini (Master Value) defaults.
Information forwarded to debian-bugs-dist@lists.debian.org, Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>:
Bug#391281; Package libapache2-mod-php5.
(full text, mbox, link).
Acknowledgement sent to Stefan Fritsch <sf@sfritsch.de>:
Extra info received and forwarded to list. Copy sent to Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>.
(full text, mbox, link).
Message #10 received at 391281@bugs.debian.org (full text, mbox, reply):
CVE-2006-5178:
Race condition in the symlink function in PHP 5.1.6 and earlier allows
local users to bypass the open_basedir restriction by using a
combination of symlink, mkdir, and unlink functions to change the file
path after the open_basedir check and before the file is opened by the
underlying system, as demonstrated by symlinking a symlink into a
subdirectory, to point to a parent directory via .. (dot dot)
sequences, and then unlinking the resulting symlink.
Information forwarded
to debian-bugs-dist@lists.debian.org, Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>:
Bug#391281; Package libapache2-mod-php5.
(Sat, 17 Jan 2009 21:51:08 GMT) (full text, mbox, link).
Acknowledgement sent
to <user@mail.com>:
Extra info received and forwarded to list. Copy sent to Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>.
(Sat, 17 Jan 2009 21:51:08 GMT) (full text, mbox, link).
Message #15 received at 391281@bugs.debian.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
http://www.ceralacca.eu
[Banner ceralacca.jpg (image/jpeg, attachment)]
Reply sent
to sean finney <seanius@debian.org>:
You have taken responsibility.
(Mon, 18 May 2009 20:18:09 GMT) (full text, mbox, link).
Notification sent
to Stefan Fritsch <sf@sfritsch.de>:
Bug acknowledged by developer.
(Mon, 18 May 2009 20:18:09 GMT) (full text, mbox, link).
Message #20 received at 391281-close@bugs.debian.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
Version: 5.2.0-1
this one was fixed a while ago :)
--
[signature.asc (application/pgp-signature, inline)]
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org.
(Tue, 16 Jun 2009 07:34:00 GMT) (full text, mbox, link).
Send a report that this bug log contains spam.
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified:
Wed Jun 19 17:27:34 2019;
Machine Name:
buxtehude
Debian Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.
Vulmon
