Bugtraq mailing list archives
Re: PHP 5.1.6 / 4.4.4 Critical php_admin* bypass by ini_restore()
From: İsmail Dönmez <ismail () pardus org tr>
Date: Sat, 9 Sep 2006 19:48:07 +0300
Hi, 9 Eylül 2006 Cumartesi 13:24 tarihinde, cxib () securityreason com şunları yazmıştı:
[PHP 5.1.6 / 4.4.4 Critical php_admin* bypass by ini_restore()] Author: Maksymilian Arciemowicz (cXIb8O3) Date: - Written: 05.09.2006 - Public: 09.09.2006 SecurityAlert Id: 42 CVE: CVE-2006-4625 SecurityRisk: High Affected Software: PHP 5.1.6 / 4.4.4 < = x Advisory URL: http://securityreason.com/achievement_securityalert/42 Vendor: http://www.php.net
[...]
--- 2. How to fix --- fixed in CVS HEAD, PHP_5_2, PHP_5_1 and PHP_4_4. http://cvs.php.net/viewcvs.cgi/php-src/NEWS
Can you please tell exact CVS revision in your advisories, PHP.net doesn't care about vulnerabilities and its very hard to find the correct revision for the fix. Regards, ismail -- アニメは本当にすごいすぎるよ !
Current thread:
- PHP 5.1.6 / 4.4.4 Critical php_admin* bypass by ini_restore() cxib (Sep 09)
- Re: PHP 5.1.6 / 4.4.4 Critical php_admin* bypass by ini_restore() İsmail Dönmez (Sep 11)
- Re: PHP 5.1.6 / 4.4.4 Critical php_admin* bypass by ini_restore() Ryan Buena (Sep 13)
- Re: PHP 5.1.6 / 4.4.4 Critical php_admin* bypass by ini_restore() İsmail Dönmez (Sep 11)