SecurityFocus

PHP 5.1.6 / 4.4.4 Critical php_admin* bypass by ini_restore() Sep 09 2006 10:24AM
cxib securityreason com (1 replies)

Re: PHP 5.1.6 / 4.4.4 Critical php_admin* bypass by ini_restore() Sep 09 2006 04:48PM
Ä°smail DÃ¶nmez (ismail pardus org tr) (1 replies)

Re: PHP 5.1.6 / 4.4.4 Critical php_admin* bypass by ini_restore() Sep 13 2006 05:55AM
Ryan Buena (dreamsbig gmail com)

When does php.net usually publish an official patched version on their
website, outside of cvs? One would think they should publish it soon
considering the vulnerability and exploit.

On 9/9/06, Ä°smail DÃ¶nmez <ismail (at) pardus.org (dot) tr [email concealed]> wrote:
> Hi,
> 9 EylÃ¼l 2006 Cumartesi 13:24 tarihinde, cxib (at) securityreason (dot) com [email concealed] Å?unlarÄ±
> yazmÄ±Å?tÄ±:
> > [PHP 5.1.6 / 4.4.4 Critical php_admin* bypass by ini_restore()]
> >
> >
> > Author: Maksymilian Arciemowicz (cXIb8O3)
> > Date:
> > - Written: 05.09.2006
> > - Public: 09.09.2006
> > SecurityAlert Id: 42
> > CVE: CVE-2006-4625
> > SecurityRisk: High
> > Affected Software: PHP 5.1.6 / 4.4.4 < = x
> > Advisory URL: http://securityreason.com/achievement_securityalert/42
> > Vendor: http://www.php.net
> [...]
> > --- 2. How to fix ---
> > fixed in CVS HEAD, PHP_5_2, PHP_5_1 and PHP_4_4.
> >
> > http://cvs.php.net/viewcvs.cgi/php-src/NEWS
>
> Can you please tell exact CVS revision in your advisories, PHP.net doesn't
> care about vulnerabilities and its very hard to find the correct revision for
> the fix.
>
> Regards,
> ismail
> --
> ã?¢ã??ã?¡ã¯æ?¬å½?ã«ã?ã?ã?ã?ã?ã??ã?? !
>

[ reply ]