| Name | CVE-2007-0905 |
| Description | PHP before 5.2.1 allows attackers to bypass safe_mode and open_basedir restrictions via unspecified vectors in the session extension. NOTE: it is possible that this issue is a duplicate of CVE-2006-6383. |
| Source | CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more) |
| Debian Bugs | 410561, 410995 |
The table below lists information on source packages.
| Source Package | Release | Version | Status |
|---|---|---|---|
| php5 (PTS) | jessie, jessie (lts) | 5.6.40+dfsg-0+deb8u18 | fixed |
The information below is based on the following data on fixed versions.
| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| php5 | source | (unstable) | 5.2.0-9 | unimportant | 410561, 410995 |
we normally don't spend much time on safe_mode and open_basedir
issues, but the because the attack vectors are "unspecified", it
might be harder for us to try and sort out the fixes for this
from the session fixes in CVE-2007-0906 (see there for more info)