Candidate: CVE-2008-5625
PublicDate: 2008-12-17 17:30:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5625
 http://www.php.net/ChangeLog-5.php#5.2.7
 http://securityreason.com/achievement_securityalert/57
 https://ubuntu.com/security/notices/USN-720-1
Description:
 PHP 5 before 5.2.7 does not enforce the error_log safe_mode restrictions
 when safe_mode is enabled through a php_admin_flag setting in httpd.conf,
 which allows context-dependent attackers to write to arbitrary files by
 placing a "php_value error_log" entry in a .htaccess file.
Ubuntu-Description:
Notes:
Bugs:
Priority: low
Discovered-by:
Assigned-to:
CVSS:

Patches_php5:
 upstream: http://cvs.php.net/viewvc.cgi/php-src/sapi/apache/mod_php5.c?hideattic=0&r1=1.19.2.7.2.14&r2=1.19.2.7.2.15
 upstream: http://cvs.php.net/viewvc.cgi/php-src/sapi/apache2handler/apache_config.c?hideattic=0&r1=1.7.2.1.2.5&r2=1.7.2.1.2.6
upstream_php5: released (5.2.7)
dapper_php5: released (5.1.2-1ubuntu3.13)
gutsy_php5: released (5.2.3-1ubuntu6.5)
hardy_php5: released (5.2.4-2ubuntu5.5)
intrepid_php5: released (5.2.6-2ubuntu4.1)
devel_php5: released (5.2.6.dfsg.1-3ubuntu4)