[php-maint] Bug#354681: PHP4 in Sarge appears vulnerable to
CVE-2005-3392
Nick Jenkins
nickpj at gmail.com
Tue Feb 28 04:27:44 UTC 2006
Package: php4
Version: 4:4.3.10-16
Severity: normal
Tags: security
Ref:
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3392
Description:
An issue with calling virtual() on Apache 2, allowing to bypass safe_mode and
open_basedir restrictions.
Unspecified vulnerability in PHP before 4.4.1, when using the virtual function
on Apache 2, allows remote attackers to bypass safe_mode and
open_basedir directives.
Vulnerable PHP versions:
PHP before 4.4.1 (according to CVE)
More information about the pkg-php-maint
mailing list