
CVE Reference: CVE-2008-5625

NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia nor the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2008-5625

Description: PHP 5 before 5.2.7 does not enforce the error_log safe_mode restrictions when safe_mode is enabled through a php_admin_flag setting in httpd.conf, which allows context-dependent attackers to write to arbitrary files by placing a "php_value error_log" entry in a .htaccess file.

CVE Status: Candidate

References:
XF http://xforce.iss.net/xforce/xfdb/47314
SREASONRES http://securityreason.com/achievement_securityalert/57
SAID Secunia Advisory: SA35650
OSVDB 52205
MILW0RM http://www.milw0rm.com/exploits/7171
MANDRIVA http://www.mandriva.com/security/advisories?name=MDVSA-2009:045
HP http://marc.info/?l=bugtraq&m=125631037611762&w=2
HP http://marc.info/?l=bugtraq&m=124654546101607&w=2
CONFIRM http://wiki.rpath.com/Advisories:rPSA-2009-0035
CONFIRM http://www.php.net/ChangeLog-5.php#5.2.7
BUGTRAQ http://archives.neohapsis.com/archives/bugtraq/2008-11/0152.html
BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/501376/100/0/threaded
BID 32383