Mandrake Linux Security Advisory : php (MDKSA-2002:017)
High Nessus Plugin ID 13925
SynopsisThe remote Mandrake Linux host is missing one or more security updates.
DescriptionSeveral flaws exist in various versions of PHP in the way it handles multipart/form-data POST requests, which are used for file uploads.
The php_mime_split() function could be used by an attacker to execute arbitrary code on the server. This affects both PHP4 and PHP3. The authors have fixed this in PHP 4.1.2 and provided patches for older versions of PHP.
SolutionUpdate the affected php, php-common and / or php-devel packages.