Category: Ubuntu Local Security Checks
Title: Ubuntu USN-207-1 (php4)
Summary: Ubuntu USN-207-1 (php4)
The remote host is missing an update to php4
announced via advisory USN-207-1.
A security issue affects the following Ubuntu releases:
Ubuntu 4.10 (Warty Warthog)
Ubuntu 5.04 (Hoary Hedgehog)
The following packages are affected: libapache-mod-php4 libapache2-mod-php4
A bug has been found in the handling of the open_basedir directive.
Contrary to the specification, the value of open_basedir
was handled as a prefix instead of a proper directory name even if it
was terminated by a slash ('/'). For example, this allowed PHP scripts
to access the directory /home/user10 when open_basedir was configured
The problem can be corrected by upgrading the affected package to
version 4:4.3.8-3ubuntu7.13 (for Ubuntu 4.10), or
4:4.3.10-10ubuntu4.2 (for Ubuntu 5.04). In general, a standard system
upgrade is sufficient to effect the necessary changes.
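
The difference between prefix matching and directory matching described above, as an added example in Python that is not part of the advisory or of PHP's source. The function names and the /srv/www paths are constructed for illustration; the helper at the end lists which existing directories a trailing-slash open_basedir value would expose under prefix handling.

```python
import posixpath

# Constructed sample values (not taken from the advisory).
BASEDIR = "/srv/www/site1/"
DIRS = ["/srv/www/site1", "/srv/www/site1/uploads", "/srv/www/site10",
        "/srv/www/site1-backup", "/srv/www/site2"]

def flawed_allows(path, basedir):
    """Model of the bug: the trailing slash is ignored and the value is
    compared as a plain string prefix."""
    return posixpath.normpath(path).startswith(posixpath.normpath(basedir))

def strict_allows(path, basedir):
    """A value ending in '/' names a directory: allow only that directory
    and what lies beneath it. Without the slash the value stays a prefix."""
    # Lexical normalisation only; a real check must resolve symlinks first.
    target = posixpath.normpath(path)
    base = posixpath.normpath(basedir)
    if basedir.endswith("/"):
        return target == base or target.startswith(base.rstrip("/") + "/")
    return target.startswith(base)

def exposed_siblings(basedir, existing_dirs):
    """Directories reachable only because of prefix handling."""
    return sorted(d for d in existing_dirs
                  if flawed_allows(d, basedir) and not strict_allows(d, basedir))

if __name__ == "__main__":
    for d in exposed_siblings(BASEDIR, DIRS):
        print("exposed by prefix match:", d)
```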
Risk factor : Medium
BugTraq ID: 14957
Common Vulnerability Exposure (CVE) ID: CVE-2005-3054
Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com