CVE-2006-4481

Name	CVE-2006-4481
Description	The (1) file_exists and (2) imap_reopen functions in PHP before 5.1.5 do not check for the safe_mode and open_basedir settings, which allows local users to bypass the settings. NOTE: the error_log function is covered by CVE-2006-3011, and the imap_open function is covered by CVE-2006-1017.
Source	CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package	Release	Version	Status
php5 (PTS)	jessie, jessie (lts)	5.6.40+dfsg-0+deb8u18	fixed

The information below is based on the following data on fixed versions.

Package	Type	Release	Fixed Version	Urgency	Origin	Debian Bugs
php4	source	(unstable)	4:4.4.4-1	unimportant
php5	source	(unstable)	5.1.6-1	unimportant

Basedir violations not supported