PHP .Htaccess Safe_Mode and Open_Basedir Restriction-Bypass Vulnerability

PHP .Htaccess Safe_Mode and Open_Basedir Restriction-Bypass Vulnerability

References:

PHP 5.2.4 Release Announcement (PHP)
PHP Project (PHP)
PHP Version 5.2.4 Changelog (PHP)
[security bulletin] HPSBUX02332 SSRT080056 rev.2 - HP-UX Running Apache With PHP (security-alert@hp.com)
PHP 4/5 htaccess safemode and open_basedir Bypass (Maksymilian Arciemowicz)
TSLSA-2007-0026 - multi (Trustix)
HPSBUX02308 SSRT080010 rev.1 - HP-UX Running Apache, Remote Execution of Arbitra (HP)
PHP 5.2.3 PHP 4.4.7, htaccess safemode and open_basedir Bypass (SecurityReason)

Privacy Statement
Copyright 2010, SecurityFocus