SlackwareLinuxPHPPackages insecure link configuration vulnerability

Attackers can exploit this vulnerability to place unsafe libraries in insecure directories (such as/tmp). attackers may execute arbitrary code on the system with PHP process permissions. Currently, no vulnerability exists.

Information provision:	Security Bulletins (or clues) provide hotlines: 51cto.editor@gmail.com
Vulnerability Category:	Insecure link configuration vulnerability
Attack type:	Remote attack
Release date:	2004-06-02
Updated on:	2004-06-08
Affected systems:	Slackware Linux 9.1 Slackware Linux 9.0 Slackware Linux 8.1
Security system:	None
Vulnerability reporter:	Bryce nickls
Vulnerability description:	Bugtraq id: 10461 Slackware is an open-source Linux operating system. Slackware Linux PHP has a configuration error. when you connect to PHP, the shared library will be linked to the insecure directory. Attackers can exploit this vulnerability to place unsafe libraries in insecure directories (such as/tmp). attackers may execute arbitrary code on the system with PHP process permissions. Currently, no details of this vulnerability are provided.
Test method:	None
Solution:	The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage: Updated package for server load balancer 8.1: Ftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/php-4.3.6-i386-1.tgz Updated package for server load balancer 9.0: Ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/php-4.3.6-i386-1.tgz Updated package for server load balancer 9.1: Ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/php-4.3.6-i486-1.tgz Updated package for Slackware-current: Ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/php-4.3.6-i486-4.tgz