Mandrake Linux Security Advisory : php-pear (MDKSA-2005:146)
Medium Nessus Plugin ID 19902
SynopsisThe remote Mandrake Linux host is missing a security update.
DescriptionA problem was discovered in the PEAR XML-RPC Server package included in the php-pear package. If a PHP script which implements the XML-RPC Server is used, it would be possible for a remote attacker to construct an XML-RPC request which would cause PHP to execute arbitrary commands as the 'apache' user.
SolutionUpdate the affected php-pear package.