Text taken from MITRE:
PHP 4.x up to 4.4.4 and PHP 5 up to 5.1.6 allows local users to bypass certain
Apache HTTP Server httpd.conf options, such as safe_mode and open_basedir, via
the ini_restore function, which resets the values to their php.ini (Master
This issue also likely affects RHEL2.1 and RHEL3
This issue should not present security issues; safe-mode/open_basedir bypasses
not being considered as such.
*** This bug has been marked as a duplicate of 169857 ***