Full Disclosure mailing list archives
Re: PHP 5.1.6 / 4.4.4 Critical php_admin* bypass by ini_restore()
From: Tonnerre Lombard <tonnerre.lombard () sygroup ch>
Date: Tue, 12 Sep 2006 09:52:29 +0200
Salut,

On Sat, 2006-09-09 at 12:30 +0200, Maksymilian Arciemowicz wrote:
> Source: http://securityreason.com/achievement_securityalert/42

This is a copy of this mail...

> CVE: CVE-2006-4625

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4625 says ERROR: Couldn't find 'CVE-2006-4625'

> fixed in CVS HEAD, PHP_5_2, PHP_5_1 and PHP_4_4.
> http://cvs.php.net/viewcvs.cgi/php-src/NEWS

I can't seem to find any hint to the exact fix there. Could you please be any more specific? It looks like the ini_restore function was last touched in 5.1.4.

Tonnerre
--
SyGroup GmbH
Tonnerre Lombard
Loesungen mit System
Tel:+41 61 333 80 33    Roeschenzerstrasse 9
Fax:+41 61 383 14 67    4153 Reinach BL
Web:www.sygroup.ch      tonnerre.lombard () sygroup ch
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/