[php-maint] Bug#354684: PHP4 in Sarge appears vulnerable to
CVE-2005-3319
Nick Jenkins
nickpj at gmail.com
Tue Feb 28 04:29:55 UTC 2006
Package: php4
Version: 4:4.3.10-16
Severity: normal
Tags: security
Ref:
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3319
Description:
Local Denial of Service through the use of the session.save_path option.
The apache2handler SAPI (sapi_apache2.c) in the Apache module (mod_php)
for PHP 5.x before 5.1.0 final and 4.4 before 4.4.1 final allows attackers
to cause a denial of service (segmentation fault) via the session.save_path
option in a .htaccess file or VirtualHost.
Vulnerable PHP versions:
PHP before 4.4.1 (according to CVE)
More information about the pkg-php-maint
mailing list