GLSA-200804-19 : PHP Toolkit: Data disclosure and Denial of Service
Low Nessus Plugin ID 32012
SynopsisThe remote Gentoo host is missing one or more security-related patches.
DescriptionThe remote host is affected by the vulnerability described in GLSA-200804-19 (PHP Toolkit: Data disclosure and Denial of Service)
Toni Arnold, David Sveningsson, Michal Bartoszkiewicz, and Joseph reported that php-select does not quote parameters passed to the 'tr' command, which could convert the '-D PHP5' argument in the 'APACHE2_OPTS' setting in the file /etc/conf.d/apache2 to lower case.
An attacker could entice a system administrator to run 'emerge php' or call 'php-select -t apache2 php5' directly in a directory containing a lower case single-character named file, which would prevent Apache from loading mod_php and thereby disclose PHP source code and cause a Denial of Service.
Do not run 'emerge' or 'php-select' from a working directory which contains a lower case single-character named file.
SolutionAll PHP Toolkit users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose '>=app-admin/php-toolkit-1.0.1'