I discovered yesterday that on a server it is possible to override the php_admin_value statements .After some researches,this correspond to the CVE-2006-4625 vulnerability.I search in the DSA between Sept 2006 and nowadays and I found no quotation about the fixation of the hole for php4 .
You will find attached a patch to this hole . Best Regards, Etienne Carriere P.S : As I did not know the right manner to report a security bug, I also open an BTS entry : #424937 .
--- Zend/zend_ini.c.old 2007-05-18 18:52:20.000000000 +0200
+++ Zend/zend_ini.c 2007-05-18 18:52:59.000000000 +0200
@@ -241,8 +241,8 @@
{
zend_ini_entry *ini_entry;
TSRMLS_FETCH();
-
- if (zend_hash_find(EG(ini_directives), name, name_length, (void **) &ini_entry)==FAILURE) {
+ if (zend_hash_find(EG(ini_directives), name, name_length, (void**) &ini_entry)==FAILURE ||
+ (stage == ZEND_INI_STAGE_RUNTIME && (ini_entry->modifyable & ZEND_INI_USER) == 0)){
return FAILURE;
}
signature.asc
Description: OpenPGP digital signature
