Maksymilian Arciemowicz has discovered a weakness in PHP, which can be exploited by malicious, local users to bypass certain security restrictions. maksymilian arciemowicz�ѷ��ֵ�һ�����㣬��PHP ���������������©���������û��ƹ�ijЩ��ȫ���ơ� This could have a major impact in shared hosting systems.��������ش�Ӱ�죬�ڹ�ͬ�����ϵͳ��

The weakness is caused due to an input validation error in the PHP error_log() function in the processing of the destination parameter.�����㣬������1������ȷ�ϴ�����PHP��error_log �� �������ڴ����Ŀ�ĵز��� It can be exploited to bypass the safe mode protection via directory traversal attacks in the "php://" wrapper.����Ա��������ƹ�ȫģʽ����ͨ��Ŀ¼��������ڡ� PHP�ģ� / / ����װ��

The weakness has been confirmed in version 5.1.4 and has also been reported in version 4.4.2.�����㣬�ѱ�֤ʵ�ڰ汾5.1.4����ݱ������ڰ汾4.4.2 �� Other versions may also be affected.����汾Ҳ�����ܵ�Ӱ�졣

Solution:���������
Disable the error_log function via the disable_functions directive if the safe mode protection is required.����error_log���ܣ�ͨ��disable_functionsָ����ȫģʽ�ı����DZ�Ҫ�ġ� This may impact functionality.����ܻ�Ӱ�칦�ܡ� All software vendors (including open source developers) should audit their source.���������Ӧ�̣�������Դ�����ߣ� ��Ӧ�������Դ��
viaͨ�� Secunia Secunia��˾