BugTraq
PHP 5.1.6 / 4.4.4 Critical php_admin* bypass by ini_restore() Sep 09 2006 10:24AM
cxib securityreason com (1 replies)
Re: PHP 5.1.6 / 4.4.4 Critical php_admin* bypass by ini_restore() Sep 09 2006 04:48PM
İsmail Dönmez (ismail pardus org tr) (1 replies)
Hi,
9 Eylül 2006 Cumartesi 13:24 tarihinde, cxib (at) securityreason (dot) com [email concealed] Å?unları
yazmıÅ?tı:
> [PHP 5.1.6 / 4.4.4 Critical php_admin* bypass by ini_restore()]
>
>
> Author: Maksymilian Arciemowicz (cXIb8O3)
> Date:
> - Written: 05.09.2006
> - Public: 09.09.2006
> SecurityAlert Id: 42
> CVE: CVE-2006-4625
> SecurityRisk: High
> Affected Software: PHP 5.1.6 / 4.4.4 < = x
> Advisory URL: http://securityreason.com/achievement_securityalert/42
> Vendor: http://www.php.net
[...]
> --- 2. How to fix ---
> fixed in CVS HEAD, PHP_5_2, PHP_5_1 and PHP_4_4.
>
> http://cvs.php.net/viewcvs.cgi/php-src/NEWS

Can you please tell exact CVS revision in your advisories, PHP.net doesn't
care about vulnerabilities and its very hard to find the correct revision for
the fix.

Regards,
ismail
--
ã?¢ã??ã?¡ã¯æ?¬å½?にã?ã?ã?ã?ã?ã??ã?? !

[ reply ]
Re: PHP 5.1.6 / 4.4.4 Critical php_admin* bypass by ini_restore() Sep 13 2006 05:55AM
Ryan Buena (dreamsbig gmail com)


 

Privacy Statement
Copyright 2010, SecurityFocus