Maksymilian Arciemowicz has discovered a weakness in PHP, which can be exploited by malicious, local users to bypass certain security restrictions. This could have a major impact in shared hosting systems.

The weakness is caused by an input validation error in the PHP error_log() function when it processes the destination parameter. It can be exploited to bypass the safe mode protection via directory traversal attacks in the "php://" wrapper.

The weakness has been confirmed in version 5.1.4 and has also been reported in version 4.4.2. Other versions may also be affected.

Solution:
Disable the error_log function via the disable_functions directive if the safe mode protection is required. This may impact functionality. All software vendors (including open source developers) should audit their source.

via Secunia
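One way to check a php.ini for the mitigation described above, as an added example that is not part of the original advisory. The function names and the sample configurations are constructed for illustration. It also shows why searching the file for the string "error_log" is not enough: the error_log logging directive is unrelated to disabling the error_log() function.

```python
TRUE_VALUES = {"1", "on", "true", "yes"}  # php.ini spellings of boolean true

def parse_ini(text):
    """Return the last value assigned to each directive in php.ini text."""
    settings = {}
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()  # ';' starts a comment
        if not line or line.startswith("[") or "=" not in line:
            continue  # blank line, section header, or not an assignment
        key, value = line.split("=", 1)
        settings[key.strip()] = value.strip().strip("\"'")
    return settings

def error_log_exposed(text):
    """True when safe_mode is enabled but error_log() is still callable."""
    s = parse_ini(text)
    safe_mode = s.get("safe_mode", "off").lower() in TRUE_VALUES
    # Names are compared exactly (a conservative choice): anything not
    # written as lowercase "error_log" is treated as not disabled.
    disabled = {f.strip() for f in s.get("disable_functions", "").split(",")}
    return safe_mode and "error_log" not in disabled

# Constructed sample: safe_mode is relied on, and "error_log" appears only
# as the logging directive, so the function itself is not disabled.
WEAK_INI = """
[PHP]
safe_mode = On
error_log = /var/log/php_errors.log   ; log file directive, not the function
disable_functions = exec,system
"""

# Constructed sample: the same file with the advisory's mitigation applied.
FIXED_INI = WEAK_INI.replace("exec,system", "exec,system,error_log")

# Constructed sample: safe_mode is off, so there is no restriction to bypass.
NO_SAFE_MODE_INI = WEAK_INI.replace("safe_mode = On", "safe_mode = Off")

if __name__ == "__main__":
    for name, ini in [("weak", WEAK_INI), ("fixed", FIXED_INI),
                      ("no safe_mode", NO_SAFE_MODE_INI)]:
        print(name, "-> exposed" if error_log_exposed(ini) else "-> ok")
```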