129315 – dev-lang/php copy() Safe Mode Bypass PHP 4.4.2 and 5.1.2 (CVE-2006-0996)

Bug 129315 - dev-lang/php copy() Safe Mode Bypass PHP 4.4.2 and 5.1.2 (CVE-2006-0996)

Summary: dev-lang/php copy() Safe Mode Bypass PHP 4.4.2 and 5.1.2 (CVE-2006-0996)

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Highest minor (vote)
Assignee:	PHP Bugs

URL:	http://securityreason.com/achievement...
Whiteboard:	B3?
Keywords:

Depends on:	131135
Blocks:
	Show dependency tree

Reported:	2006-04-08 22:12 UTC by Jule Slootbeek
Modified:	2006-05-08 10:39 UTC (History)
CC List:	0 users

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Jule Slootbeek 2006-04-08 22:12:26 UTC

As reported by SecurityReason on 2006/04/08

http://securityreason.com/achievement_securityalert/37

Priority is High, Local exploit in copy() function.

php team please verify.

Comment 1 Tavis Ormandy (RETIRED) gentoo-dev

2006-04-09 01:08:41 UTC

The security team does not usually handle safemode bugs

http://www.php.net/security-note.php

Comment 2 Luca Longinotti (RETIRED) gentoo-dev

2006-05-05 03:34:09 UTC

Fixed, see bug #131135 for stabilization instructions and then close this when that one is closed too.
Best regards, CHTEKK.

Comment 3 Jakub Moc (RETIRED) gentoo-dev

2006-05-08 10:39:21 UTC

Fixed with Bug 131135, closing this one.