CVE-2008-5624
Published: 17 December 2008
PHP 5 before 5.2.7 does not properly initialize the page_uid and page_gid global variables for use by the SAPI php_getuid function, which allows context-dependent attackers to bypass safe_mode restrictions via variable settings that are intended to be restricted to root, as demonstrated by a setting of /etc for the error_log variable.
Notes
| Author | Note |
|---|---|
| mdeslaur | the second upstream patch is for apache 1.x sapi apache 1.x is still in Dapper, so we better include it |
Priority
Status
| Package | Release | Status |
|---|---|---|
|
php4 Launchpad, Ubuntu, Debian |
karmic |
Does not exist
|
| dapper |
Ignored
(end of life)
|
|
| gutsy |
Does not exist
|
|
| hardy |
Does not exist
|
|
| intrepid |
Does not exist
|
|
| jaunty |
Does not exist
|
|
| upstream |
Needs triage
|
|
|
php5 Launchpad, Ubuntu, Debian |
dapper |
Released
(5.1.2-1ubuntu3.13)
|
| gutsy |
Released
(5.2.3-1ubuntu6.5)
|
|
| hardy |
Released
(5.2.4-2ubuntu5.5)
|
|
| intrepid |
Released
(5.2.6-2ubuntu4.1)
|
|
| jaunty |
Not vulnerable
(5.2.6.dfsg.1-3ubuntu2)
|
|
| karmic |
Not vulnerable
(5.2.6.dfsg.1-3ubuntu2)
|
|
| upstream |
Released
(5.2.6.dfsg.1-1)
|
|
|
Patches: vendor: http://patch-tracking.debian.net/patch/series/view/php5/5.2.6.dfsg.1-2/BG-initializing-fix.patch upstream: http://cvs.php.net/viewvc.cgi/php-src/ext/standard/basic_functions.c?r1=1.725.2.31.2.78&r2=1.725.2.31.2.79&diff_format=u upstream: http://cvs.php.net/viewvc.cgi/php-src/sapi/apache/mod_php5.c?r1=1.19.2.7.2.15&r2=1.19.2.7.2.16&diff_format=u |
||