Common Vulnerabilities and Exposures assigned an identifier CVE-2008-5625 to the following vulnerability:

PHP 5 before 5.2.7 does not enforce the error_log safe_mode restrictions when safe_mode is enabled through a php_admin_flag setting in httpd.conf, which allows context-dependent attackers to write to arbitrary files by placing a "php_value error_log" entry in a .htaccess file.

References:
http://securityreason.com/achievement_securityalert/59
http://www.securityfocus.com/archive/1/archive/1/498985/100/0/
http://www.php.net/ChangeLog-5.php#5.2.7
http://www.securityfocus.com/bid/32383
http://xforce.iss.net/xforce/xfdb/47314

Upstream patches:
http://cvs.php.net/viewvc.cgi/php-src/sapi/apache/mod_php5.c?r1=1.19.2.7.2.14&r2=1.19.2.7.2.15
http://cvs.php.net/viewvc.cgi/php-src/sapi/apache2handler/apache_config.c?r1=1.7.2.1.2.5&r2=1.7.2.1.2.6
http://groups.google.com.gh/group/php.cvs/browse_thread/thread/270a460272fb8f57

*** This bug has been marked as a duplicate of bug 169857 ***
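
An audit check for the condition described in the CVE text, added here as an example and not part of the original report or of PHP's own code: it flags "php_value error_log" entries in .htaccess files only when the PHP version is in the affected range and safe_mode is enabled through php_admin_flag. The function names, paths and sample configuration are constructed for illustration.

```python
import re

# mod_php reads "On" or "1" as true; Apache directive names are case-insensitive.
ADMIN_SAFE_MODE = re.compile(r'^\s*php_admin_flag\s+safe_mode\s+"?(on|1)"?\s*$', re.I)
ERROR_LOG_VALUE = re.compile(r'^\s*php_value\s+error_log\s+"?([^"]+?)"?\s*$', re.I)

# Constructed sample input (not taken from the report).
SAMPLE_HTTPD_CONF = """\
<Directory /srv/www>
    AllowOverride All
    php_admin_flag safe_mode On
</Directory>
"""
SAMPLE_HTACCESS = {
    "/srv/www/site-a/.htaccess": '# php_value error_log /tmp/old.log\n'
                                 'php_value error_log "/srv/www/site-b/app.log"\n',
    "/srv/www/site-c/.htaccess": "php_value display_errors 0\n",
}

def affected_version(version):
    """True for PHP 5 releases before 5.2.7, the range named in the CVE text."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", version)
    if not m:
        return False
    parts = tuple(int(x) for x in m.groups())
    return parts[0] == 5 and parts < (5, 2, 7)

def safe_mode_via_admin_flag(httpd_conf):
    """True if safe_mode is switched on with php_admin_flag in the server config."""
    return any(ADMIN_SAFE_MODE.match(line) for line in httpd_conf.splitlines())

def error_log_overrides(htaccess_files):
    """Return (path, line number, target) for each php_value error_log entry."""
    findings = []
    for path, text in sorted(htaccess_files.items()):
        for lineno, line in enumerate(text.splitlines(), 1):
            m = ERROR_LOG_VALUE.match(line)  # commented-out lines do not match
            if m:
                findings.append((path, lineno, m.group(1)))
    return findings

def audit(version, httpd_conf, htaccess_files):
    """Report .htaccess error_log entries only when the CVE's preconditions hold."""
    if not (affected_version(version) and safe_mode_via_admin_flag(httpd_conf)):
        return []
    return error_log_overrides(htaccess_files)

if __name__ == "__main__":
    for path, lineno, target in audit("5.2.6", SAMPLE_HTTPD_CONF, SAMPLE_HTACCESS):
        print(f"{path}:{lineno}: error_log redirected to {target}")
```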