Ubuntu 4.10 / 5.04 : php4 vulnerability (USN-207-1)
Low Nessus Plugin ID 20624
SynopsisThe remote Ubuntu host is missing one or more security-related patches.
DescriptionA bug has been found in the handling of the open_basedir directive handling. Contrary to the specification, the value of open_basedir was handled as a prefix instead of a proper directory name even if it was terminated by a slash ('/'). For example, this allowed PHP scripts to access the directory /home/user10 when open_basedir was configured to '/home/user1/'.
Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
SolutionUpdate the affected packages.