CVE-2009-0754 Information
Description
PHP 4.4.4, 5.1.6, and other versions, when running on Apache, allows local users to modify the behavior of other sites hosted on the same web server by modifying the mbstring.func_overload setting within .htaccess, which causes this setting to be applied to other virtual hosts on the same server.
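An audit for the setting described above, as an added example that is not part of the original advisory: it walks a shared-hosting root and reports every .htaccess file that sets mbstring.func_overload through a php_value or php_flag directive. The directory names and file contents are constructed sample data, and the function names are hypothetical.

```python
import re
import tempfile
from pathlib import Path

# Apache mod_php directive that sets the option; anchoring at line start
# means commented-out ("# php_value ...") lines are not reported.
DIRECTIVE = re.compile(
    r"^\s*php_(?:value|flag)\s+mbstring\.func_overload\s+(\S+)",
    re.IGNORECASE)

# Constructed sample data: three virtual-host document roots.
SAMPLES = {
    "site-a/.htaccess": "Options -Indexes\nphp_value mbstring.func_overload 7\n",
    "site-b/.htaccess": "# php_value mbstring.func_overload 2\nDirectoryIndex index.php\n",
    "site-c/app/.htaccess": '  PHP_Value  mbstring.func_overload  "2"\n',
}


def find_overload_settings(root):
    """Return sorted (relative path, line number, value) for each match under root."""
    hits = []
    for htaccess in Path(root).rglob(".htaccess"):
        try:
            text = htaccess.read_text(errors="replace")
        except OSError:
            continue  # unreadable file: skip it rather than abort the audit
        for line_no, line in enumerate(text.splitlines(), start=1):
            match = DIRECTIVE.match(line)
            if match:
                rel = htaccess.relative_to(root).as_posix()
                hits.append((rel, line_no, match.group(1).strip("\"'")))
    return sorted(hits)


def demo():
    """Write the constructed samples to a temporary tree and audit it."""
    with tempfile.TemporaryDirectory() as root:
        for rel, body in SAMPLES.items():
            path = Path(root) / rel
            path.parent.mkdir(parents=True, exist_ok=True)
            path.write_text(body)
        return find_overload_settings(root)


if __name__ == "__main__":
    for path, line_no, value in demo():
        print(f"{path}:{line_no}: mbstring.func_overload = {value}")
```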
Reference
http://bugs.php.net/bug.php?id=27421
http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.html
http://secunia.com/advisories/34642
http://secunia.com/advisories/34830
http://secunia.com/advisories/35003
http://secunia.com/advisories/35007
http://secunia.com/advisories/35306
http://www.debian.org/security/2009/dsa-1789
http://www.openwall.com/lists/oss-security/2009/01/30/1
http://www.openwall.com/lists/oss-security/2009/02/03/3
http://www.openwall.com/lists/oss-security/2009/02/25/3
http://www.redhat.com/support/errata/RHSA-2009-0350.html
http://www.securitytracker.com/id?1021979
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11035
https://usn.ubuntu.com/761-1/
https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01451.html
https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01465.html