Ubuntu 4.10 : php4 vulnerabilities (USN-66-1)

Ubuntu Security Notice (C) 2005-2013 Canonical, Inc. / NASL script (C) 2006-2013 Tenable Network Security, Inc.


Synopsis :

The remote Ubuntu host is missing one or more security-related patches.

Description :

FraMe from kernelpanik.org reported that the cURL module does not
respect open_basedir restrictions. As a result, scripts which used
cURL to open files with an user-specified path could read arbitrary
local files outside of the open_basedir directory.

Stefano Di Paola discovered a vulnerability in PHP's shmop_write()
function. Its 'offset' parameter was not checked for negative values,
which allowed an attacker to write arbitrary data to arbitrary memory
locations. A script which passed unchecked parameters to shmop_write()
could possibly be exploited to execute arbitrary code with the
privileges of the web server and to bypass safe mode restrictions.

Solution :

Update the affected packages.

Risk factor :

High

Family: Ubuntu Local Security Checks

Nessus Plugin ID: 20685 ()

Bugtraq ID:

CVE ID: