~ubuntu-security/ubuntu-cve-tracker/master

Candidate: CVE-2008-5625
PublicDate: 2008-12-17
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5625
 http://www.php.net/ChangeLog-5.php#5.2.7
 http://securityreason.com/achievement_securityalert/57
 http://www.ubuntu.com/usn/usn-720-1
Description:
 PHP 5 before 5.2.7 does not enforce the error_log safe_mode restrictions
 when safe_mode is enabled through a php_admin_flag setting in httpd.conf,
 which allows context-dependent attackers to write to arbitrary files by
 placing a "php_value error_log" entry in a .htaccess file.
Ubuntu-Description:
Notes:
Bugs:
Priority: low
Discovered-by:
Assigned-to:

Patches_php5:
 upstream: http://cvs.php.net/viewvc.cgi/php-src/sapi/apache/mod_php5.c?hideattic=0&r1=1.19.2.7.2.14&r2=1.19.2.7.2.15
 upstream: http://cvs.php.net/viewvc.cgi/php-src/sapi/apache2handler/apache_config.c?hideattic=0&r1=1.7.2.1.2.5&r2=1.7.2.1.2.6
upstream_php5: released (5.2.7)
dapper_php5: released (5.1.2-1ubuntu3.13)
gutsy_php5: released (5.2.3-1ubuntu6.5)
hardy_php5: released (5.2.4-2ubuntu5.5)
intrepid_php5: released (5.2.6-2ubuntu4.1)
devel_php5: released (5.2.6.dfsg.1-3ubuntu4)