Detections
Analytics
Debian DSA-1550-1 : suphp - programming error
medium Nessus Plugin ID 32005
Synopsis
The remote Debian host is missing a security-related update.Description
It was discovered that suphp, an Apache module to run PHP scripts with owner permissions handles symlinks insecurely, which may lead to privilege escalation by local users.Solution
Upgrade the suphp packages.For the stable distribution (etch), this problem has been fixed in version 0.6.2-1+etch0.
See Also
Plugin Details
Severity: Medium
ID: 32005
File Name: debian_DSA-1550.nasl
Version: 1.14
Type: local
Agent: unix
Family: Debian Local Security Checks
Published: 4/22/2008
Updated: 1/4/2021
Supported Sensors: Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 5.2
CVSS v2
Risk Factor: Medium
Base Score: 4.3
Vector: CVSS2#AV:L/AC:L/Au:S/C:P/I:P/A:P
Vulnerability Information
CPE: p-cpe:/a:debian:debian_linux:suphp, cpe:/o:debian:debian_linux:4.0
Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l
Patch Publication Date: 4/17/2008
Reference Information
CVE: CVE-2008-1614
CWE: 264
DSA: 1550