Attackers can exploit this vulnerability to place unsafe libraries in insecure directories (such as /tmp) and may then execute arbitrary code on the system with the permissions of the PHP process. Currently, no details of this vulnerability are provided.
Vulnerability category: Insecure link configuration vulnerability
Attack type: Remote attack
Release date: 2004-06-02
Updated on: 2004-06-08
Affected systems: Slackware Linux 9.1, Slackware Linux 9.0, Slackware Linux 8.1
Security system: None
Vulnerability reporter: Bryce Nichols
Vulnerability description:
Bugtraq ID: 10461
Slackware is an open-source Linux operating system. The Slackware Linux PHP packages have a configuration error: when PHP is linked, shared libraries are linked against an insecure directory. Attackers can exploit this vulnerability to place unsafe libraries in insecure directories (such as /tmp) and may then execute arbitrary code on the system with the permissions of the PHP process. Currently, no details of this vulnerability are provided.
Test method: None
Solution:
The vendor has released a patch to fix this security problem. Please download it from the vendor's site:
Updated package for Slackware 8.1: ftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/php-4.3.6-i386-1.tgz
Updated package for Slackware 9.0: ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/php-4.3.6-i386-1.tgz
Updated package for Slackware 9.1: ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/php-4.3.6-i486-1.tgz
Updated package for Slackware-current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/php-4.3.6-i486-4.tgz
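To check whether an installed binary still references a library location like the one described above, the following added example (not part of the original bulletin or the vendor's tooling) scans `readelf -d` output for unsafe entries. The bulletin gives no details, so it is an assumption that the insecure link appears as an RPATH/RUNPATH entry or a full-path NEEDED entry; the `UNSAFE_DIRS` list and the sample input are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a binary's dynamic section for library paths that an
# unprivileged local user could write to. Reads `readelf -d` output on stdin.

# Assumption: directories treated as world-writable on a typical Linux host.
UNSAFE_DIRS="/tmp /var/tmp /dev/shm"

# Prints one line per unsafe entry; exit status 1 if any were found, else 0.
unsafe_lib_paths() {
    awk -v dirs="$UNSAFE_DIRS" '
    function under(p,    i) {          # is p one of the unsafe dirs or below it?
        for (i = 1; i <= n; i++)
            if (p == bad[i] || index(p, bad[i] "/") == 1) return 1
        return 0
    }
    BEGIN { n = split(dirs, bad, " ") }
    match($0, /\((RPATH|RUNPATH|NEEDED)\)/) {
        tag = substr($0, RSTART + 1, RLENGTH - 2)
        if (!match($0, /\[.*\]/)) next
        val = substr($0, RSTART + 1, RLENGTH - 2)
        if (tag == "NEEDED") {         # a NEEDED entry holding a full path
            if (under(val)) { print tag ": " val; found = 1 }
            next
        }
        m = split(val, ent, ":")       # RPATH/RUNPATH is a colon-separated list
        for (j = 1; j <= m; j++) {
            e = ent[j]; c = substr(e, 1, 1)
            # empty or relative entries resolve against the current directory
            if (e == "" || (c != "/" && c != "$") || under(e)) {
                print tag ": " (e == "" ? "<empty>" : e); found = 1
            }
        }
    }
    END { exit found ? 1 : 0 }'
}

# Constructed sample in the layout `readelf -d` prints (not from a real package).
SAMPLE_DYNAMIC=' 0x00000001 (NEEDED)   Shared library: [libc.so.6]
 0x00000001 (NEEDED)   Shared library: [/tmp/build/libexample.so]
 0x0000000f (RPATH)    Library rpath: [/usr/lib:/tmp/example-build/lib::lib]'

# Stand-alone run on the sample; on a host: readelf -d /path/to/binary | unsafe_lib_paths
printf '%s\n' "$SAMPLE_DYNAMIC" | unsafe_lib_paths || true
```

Any line it prints names a path that the dynamic loader may search and that a local user may be able to populate; a patched package should produce no output.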