National Cyber-Alert System

Vulnerability Summary for CVE-2006-4625

Overview

PHP 4.x up to 4.4.4 and PHP 5 up to 5.1.6 allows local users to bypass certain Apache HTTP Server httpd.conf options, such as safe_mode and open_basedir, via the ini_restore function, which resets the values to their php.ini (Master Value) defaults.

Impact

CVSS Severity (version 2.0):

CVSS Version 2 Metrics:

Vendor Statments (disclaimer)

Official Statement from Red Hat (09/20/2006)

We do not consider these to be security issues. For more details see http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=169857#c1 and http://www.php.net/security-note.php

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

External Source: SREASONRES

Name: 20060909 PHP 5.1.6 / 4.4.4 Critical php_admin* bypass by ini_restore()

Type: Patch Information

Hyperlink:http://securityreason.com/achievement_securityalert/42

External Source: BID

Name: 19933

Hyperlink:http://www.securityfocus.com/bid/19933

External Source: BUGTRAQ

Name: 20060909 Re: PHP 5.1.6 / 4.4.4 Critical php_admin* bypass by ini_restore()

Type: Advisory

Hyperlink:http://www.securityfocus.com/archive/1/archive/1/445712/100/0/threaded

External Source: XF

Name: php-inirestore-security-bypass(28853)

Hyperlink:http://xforce.iss.net/xforce/xfdb/28853

External Source: UBUNTU

Name: USN-362-1

Hyperlink:http://www.ubuntu.com/usn/usn-362-1

External Source: TURBO

Name: TLSA-2006-38

Hyperlink:http://www.turbolinux.com/security/2006/TLSA-2006-38.txt

External Source: OPENPKG

Name: OpenPKG-SA-2006.023

Hyperlink:http://www.securityfocus.com/archive/1/archive/1/448953/100/0/threaded

External Source: BUGTRAQ

Name: 20060913 Re: PHP 5.1.6 / 4.4.4 Critical php_admin* bypass by ini_restore()

Hyperlink:http://www.securityfocus.com/archive/1/archive/1/445882/100/0/threaded

External Source: MANDRIVA

Name: MDKSA-2006:185

Hyperlink:http://www.mandriva.com/security/advisories?name=MDKSA-2006:185

External Source: VUPEN

Name: ADV-2007-2374

Hyperlink:http://www.frsirt.com/english/advisories/2007/2374

External Source: VUPEN

Name: ADV-2007-1991

Hyperlink:http://www.frsirt.com/english/advisories/2007/1991

External Source: SREASON

Name: 1519

Hyperlink:http://securityreason.com/securityalert/1519

External Source: SECUNIA

Name: 25850

Hyperlink:http://secunia.com/advisories/25850

External Source: SECUNIA

Name: 25423

Hyperlink:http://secunia.com/advisories/25423

External Source: SECUNIA

Name: 22424

Hyperlink:http://secunia.com/advisories/22424

External Source: SECUNIA

Name: 22338

Hyperlink:http://secunia.com/advisories/22338

External Source: SECUNIA

Name: 22331

Hyperlink:http://secunia.com/advisories/22331

External Source: SECUNIA

Name: 22282

Hyperlink:http://secunia.com/advisories/22282

External Source: SUSE

Name: SUSE-SA:2006:059

Hyperlink:http://lists.suse.com/archive/suse-security-announce/2006-Oct/0002.html

External Source: HP

Name: HPSBTU02232

Hyperlink:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01086137

External Source: HP

Name: SSRT071423

Hyperlink:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01056506

External Source: MANDRIVA

Name: MDKSA-2006:185

Hyperlink:http://frontal2.mandriva.com/security/advisories?name=MDKSA-2006:185