Test ID:	1.3.6.1.4.1.25623.1.0.50502
Category:	Ubuntu Local Security Checks
Title:	Ubuntu 4.10 USN-66-1 (php4)
Summary:	NOSUMMARY
Description:	Description: The remote host is missing an update to php4 announced via advisory USN-66-1. FraMe from kernelpanik.org reported that the cURL module does not respect open_basedir restrictions. As a result, scripts which used cURL to open files with an user-specified path could read arbitrary local files outside of the open_basedir directory. Stefano Di Paola discovered a vulnerability in PHP's shmop_write() function. Its 'offset' parameter was not checked for negative values, which allowed an attacker to write arbitrary data to arbitrary memory locations. A script which passed unchecked parameters to shmop_write() could possibly be exploited to execute arbitrary code with the privileges of the web server and to bypass safe mode restrictions. The following packages are affected: libapache2-mod-php4 php4-cgi php4-curl Solution: The problem can be corrected by upgrading the affected package to version 4:4.3.8-3ubuntu7.3. In general, a standard system upgrade is sufficient to effect the necessary changes. http://lists.ubuntu.com/archives/ubuntu-security-announce/2005-January/000068.html http://www.securitytracker.com/alerts/2004/Oct/1011984.html http://www.securityfocus.com/archive/1/384920 Risk factor : High
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.