
Re: CVE-2006-4625 Vulnerability not fixed on libapache2-mod-php4.3.10-20

* Etienne Carriere:

> I discovered yesterday that on a server it is possible to override the
> php_admin_value statements. After some research, this corresponds to the
> CVE-2006-4625 vulnerability. I searched in the DSA between Sept 2006 and
> nowadays and I found no quotation about the fixation of the hole for php4.

This is just an issue with untrusted PHP scripts.  Debian security
support does not extend to this scenario because PHP's "Safe Mode" is
unsafe by design.
