Get the LinuxSecurity news you want faster with RSS
Powered By
Gentoo: phpSysInfo directory traversal
Posted by LinuxSecurity.com Team
phpSysInfo contains two vulnerabilities which could allow local files to beread or arbitrary PHP code to be executed, under the privileges of the webserver process.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- - ---------------------------------------------------------------------------
GENTOO LINUX SECURITY ANNOUNCEMENT 200311-06
- - ---------------------------------------------------------------------------
GLSA: 200311-06
package: dev-php/phpsysinfo
summary: phpSysInfo directory traversal
severity: normal
Gentoo bug: 26782
date: 2003-11-22
CVE: CAN-2003-0536
exploit: local
affected: <=2.1
fixed: >=2.1-r1
DESCRIPTION:
phpSysInfo contains two vulnerabilities which could allow local files to be
read or arbitrary PHP code to be executed, under the privileges of the web
server process.
SOLUTION:
It is recommended that all Gentoo Linux users who are running
dev-php/phpsysinfo upgrade to the fixed version:
emerge sync
emerge '>=dev-php/phpsysinfo-2.1-r1'
emerge clean
- --
Andrea Barisani <lcars@gentoo.org> .*.
Gentoo Linux Infrastructure Developer V
( )
GPG-Key 0xC9EE0905 http://dev.gentoo.org/~lcars/pubkey.asc ( )
491D E9E0 3875 0EC9 10DD 150B CAA9 2C7D C9EE 0905 ^^_^^
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)
iD8DBQE/wi8LyqksfcnuCQURAmwWAJ9Ry7D8VrFpf1o2NuzqUXYsw0f8BwCfe7RV
01JaCZoERigxYEwopTsOp2U=
=MOHk
-----END PGP SIGNATURE-----
