Red Hat Bugzilla – Bug 205003
CVE-2006-3011 multiple PHP safe mode bypasses (CVE-2006-4481, CVE-2006-2563)
Last modified: 2008-06-25 03:24:26 EDT
Several issues were discovered which can lead to a condition where the safe_mode
or open_basedir directives can be overridden. It should be noted that neither
safe_mode nor open_basedir are considered safe and are not suggested to be used
as security measures.
Added missing safe_mode/open_basedir checks inside the error_log()
Added missing safe_mode/open_basedir checks inside the file_exists(),
imap_open() and imap_reopen() functions.
Fixed possible open_basedir/safe_mode bypass in cURL extension
These issues should also affect RHEL2.1 and RHEL3.
These issues also affect FC4.
The issues covered here are all safe mode/open_basedir-related, so will not be
considered as security issues.
*** This bug has been marked as a duplicate of 169857 ***