[Bug 491835] Re: PHP 5.2.4-2ubuntu5.9 Possible exploit using directory traversal

2009-12-03 Thread Toomas Vahtra
zend optimizer version has > magic_quotes_gpc = Off that's the only difference, beside some Zend configuration So when I turn magic quotas On, that problem disapeares. Seems that it's not a bug, but just a configuration mistake. Sorry for wasting your time and thankyou for everything. ** Atta

[Bug 491835] Re: PHP 5.2.4-2ubuntu5.9 Possible exploit using directory traversal

2009-12-03 Thread Toomas Vahtra
Ok, now I can't reproduce, with default php.ini. So the problem seems to be with the php.ini that came with Zend Optimizer -- PHP 5.2.4-2ubuntu5.9 Possible exploit using directory traversal https://bugs.launchpad.net/bugs/491835 You received this bug notification because you are a member of Ubunt

[Bug 491835] Re: PHP 5.2.4-2ubuntu5.9 Possible exploit using directory traversal

2009-12-03 Thread Toomas Vahtra
Using Zend Optimizer 3.3.3 as stated before $ php --version PHP 5.2.4-2ubuntu5.9 with Suhosin-Patch 0.9.6.2 (cli) (built: Nov 26 2009 13:59:08) Copyright (c) 1997-2007 The PHP Group Zend Engine v2.2.0, Copyright (c) 1998-2007 Zend Technologies Here is the phpinfo() output I'll try using the orig

[Bug 491835] Re: PHP 5.2.4-2ubuntu5.9 Possible exploit using directory traversal

2009-12-03 Thread Toomas Vahtra
/usr/local/Zend/etc/php.ini attached ** Attachment added: "php.ini" http://launchpadlibrarian.net/36393620/php.ini -- PHP 5.2.4-2ubuntu5.9 Possible exploit using directory traversal https://bugs.launchpad.net/bugs/491835 You received this bug notification because you are a member of Ubuntu Se

[Bug 491835] Re: PHP 5.2.4-2ubuntu5.9 Possible exploit using directory traversal

2009-12-03 Thread Toomas Vahtra
I reproduced the same effect using webroot /var/www file test.php: http://myserver/test.php?pageID=/../../../etc/resolv.conf%00 filesystem is ext3 on a local harddrive -- PHP 5.2.4-2ubuntu5.9 Possible exploit using directory traversal https://bugs.launchpad.net/bugs/491835 You received this b

[Bug 491835] Re: PHP 5.2.4-2ubuntu5.9 Possible exploit using directory traversal

2009-12-03 Thread Toomas Vahtra
** Visibility changed to: Private -- PHP 5.2.4-2ubuntu5.9 Possible exploit using directory traversal https://bugs.launchpad.net/bugs/491835 You received this bug notification because you are a member of Ubuntu Server Team, which is a direct subscriber. -- Ubuntu-server-bugs mailing list Ubuntu-

[Bug 491835] Re: PHP 5.2.4-2ubuntu5.9 Possible exploit using directory traversal

2009-12-03 Thread Toomas Vahtra
** Visibility changed to: Public -- PHP 5.2.4-2ubuntu5.9 Possible exploit using directory traversal https://bugs.launchpad.net/bugs/491835 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to php5 in ubuntu. -- Ubuntu-server-bugs mailing list