PHP ini_restore() Apache httpd.conf Options Bypass

2006-10-10T09:04:36
ID OSVDB:29603
Type osvdb
Reporter OSVDB
Modified 2006-10-10T09:04:36

Description

Vulnerability Description

PHP contains a flaw that may allow a local user to bypass Apache configuration options. The issue is due to the ini_restore() function resetting a configuration directive to its php.ini "Master Value" (default) instead of the value set in the Apache configuration. This may allow an attacker to bypass the safe_mode and open_basedir restrictions.
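A configuration audit for this condition, added here as an example and not part of the original advisory. It assumes the restrictions are applied in httpd.conf through mod_php's php_admin_value / php_admin_flag directives, and treats listing ini_restore in php.ini's disable_functions as a mitigation; the function names and sample files are constructed for illustration.

```python
import re

SENSITIVE = ("safe_mode", "open_basedir")
UNSET = ("", "0", "off", "no", "false", "none")  # values that mean "no restriction"

# Constructed sample inputs (not taken from any real host).
PHP_INI = """[PHP]
safe_mode = Off
; open_basedir =
disable_functions =
"""
HTTPD_CONF = """<VirtualHost *:80>
    php_admin_value open_basedir "/var/www/site1"
    php_admin_flag safe_mode On
</VirtualHost>
"""

def parse_php_ini(text):
    """Return {directive: master value}. Simplified: ';' always starts a comment."""
    values = {}
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()
        if "=" in line and not line.startswith("["):
            key, val = line.split("=", 1)
            values[key.strip().lower()] = val.strip().strip('"')
    return values

def apache_overrides(text):
    """Return {directive: value} set with php_admin_value / php_admin_flag."""
    pat = re.compile(
        r'^[ \t]*php_admin_(?:value|flag)[ \t]+(\S+)[ \t]+"?([^"\n]*?)"?[ \t]*$',
        re.I | re.M)
    return {name.lower(): val for name, val in pat.findall(text)}

def restorable_restrictions(php_ini, httpd_conf):
    """List restrictions that exist only in httpd.conf, so that restoring the
    php.ini master value would remove them, unless ini_restore is disabled."""
    ini = parse_php_ini(php_ini)
    disabled = {f.strip() for f in ini.get("disable_functions", "").split(",")}
    if "ini_restore" in disabled:
        return []
    return sorted(d for d, v in apache_overrides(httpd_conf).items()
                  if d in SENSITIVE and v.lower() not in UNSET
                  and ini.get(d, "").lower() in UNSET)

if __name__ == "__main__":
    for name in restorable_restrictions(PHP_INI, HTTPD_CONF):
        print(f"{name}: enforced only in httpd.conf; php.ini master value is unrestricted")
```
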


References:

Vendor URL: http://www.php.net/
Secunia Advisory ID: 25850
Secunia Advisory ID: 25423
Secunia Advisory ID: 22282
Secunia Advisory ID: 22331
Secunia Advisory ID: 22338
Secunia Advisory ID: 22457
Secunia Advisory ID: 22424
Other Advisory URL: http://securityreason.com/achievement_securityalert/42
Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2006-09/0149.html
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2007-06/0363.html
Keyword: HPSBTU02232,SSRT071429
Keyword: HPSBMA02215,SSRT071423
Keyword: HPSBTU02232,SSRT071429,c01086137
ISS X-Force ID: 28853
CVE-2006-4625
Bugtraq ID: 19933