Test ID:	1.3.6.1.4.1.25623.1.0.55657
Category:	Ubuntu Local Security Checks
Title:	Ubuntu USN-207-1 (php4)
Summary:	NOSUMMARY
Description:	Description: The remote host is missing an update to php4 announced via advisory USN-207-1. A security issue affects the following Ubuntu releases: Ubuntu 4.10 (Warty Warthog) Ubuntu 5.04 (Hoary Hedgehog) The following packages are affected: libapache-mod-php4 libapache2-mod-php4 A bug has been found in the handling of the open_basedir directive handling. Contrary to the specification, the value of open_basedir was handled as a prefix instead of a proper directory name even if it was terminated by a slash ('/'). For example, this allowed PHP scripts to access the directory /home/user10 when open_basedir was configured to '/home/user1/'. Solution: The problem can be corrected by upgrading the affected package to version 4:4.3.8-3ubuntu7.13 (for Ubuntu 4.10), or 4:4.3.10-10ubuntu4.2 (for Ubuntu 5.04). In general, a standard system upgrade is sufficient to effect the necessary changes. http://www.securityspace.com/smysecure/catid.html?in=USN-207-1 Risk factor : Medium CVSS Score: 2.1
Cross-Ref:	BugTraq ID: 14957 Common Vulnerability Exposure (CVE) ID: CVE-2005-3054 http://www.securityfocus.com/bid/14957 http://www.gentoo.org/security/en/glsa/glsa-200511-08.xml http://www.mandriva.com/security/advisories?name=MDKSA-2005:213 http://secunia.com/advisories/17229 http://secunia.com/advisories/17371 http://secunia.com/advisories/17510 http://secunia.com/advisories/17557 http://lists.trustix.org/pipermail/tsl-announce/2005-October/000354.html https://usn.ubuntu.com/207-1/ http://www.vupen.com/english/advisories/2005/1862 http://www.vupen.com/english/advisories/2005/2254
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.