CVE-2005-3389
Publication date 1 November 2005
Last updated 24 July 2024
Ubuntu priority
The parse_str function in PHP 4.x up to 4.4.0 and 5.x up to 5.0.5, when called with only one parameter, allows remote attackers to enable the register_globals directive via inputs that cause a request to be terminated due to the memory_limit setting, which causes PHP to set an internal flag that enables register_globals and allows attackers to exploit vulnerabilities in PHP applications that would otherwise be protected.
Status
Package | Ubuntu Release | Status |
---|---|---|
php4 | 7.04 feisty | Not in release |
6.10 edgy |
Fixed 4.4.2-1build1
|
|
6.06 LTS dapper |
Fixed 4.4.2-1build1
|
|
php5 | 7.04 feisty |
Fixed 5.2.1-0ubuntu1.4
|
6.10 edgy |
Fixed 5.1.6-1ubuntu2.6
|
|
6.06 LTS dapper |
Fixed 5.1.2-1ubuntu3.9
|