Candidate: CVE-2009-3559
PublicDate: 2009-11-23 17:30:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3559
Description:
 ** DISPUTED ** main/streams/plain_wrapper.c in PHP 5.3.x before 5.3.1 does not recognize the safe_mode_include_dir directive, which allows context-dependent attackers to have an unknown impact by triggering the failure of PHP scripts that perform include or require operations, as demonstrated by a script that attempts to perform a require_once on a file in a standard library directory. NOTE: a reliable third party reports that this is not a vulnerability, because it results in a more restrictive security policy.
Ubuntu-Description:
Notes:
 mdeslaur> safe_mode, and disputed
 mdeslaur> 5.3.x only as per php bug report
Bugs:
 http://bugs.php.net/bug.php?id=50063
Priority: low
Discovered-by:
Assigned-to:
CVSS:

Patches_php5:
 upstream: http://svn.php.net/viewvc/?view=revision&revision=290578
upstream_php5: released (5.3.1)
dapper_php5: not-affected (5.1.2-1ubuntu3.15)
hardy_php5: not-affected (5.2.4-2ubuntu5.7)
intrepid_php5: not-affected (5.2.6-2ubuntu4.3)
jaunty_php5: not-affected (5.2.6.dfsg.1-3ubuntu4.2)
karmic_php5: not-affected (5.2.10.dfsg.1-2ubuntu6.1)
devel_php5: not-affected (5.2.11.dfsg.1-1ubuntu1)