Mandrake Linux Security Advisory : mod_php3 (MDKSA-2000:062)
Critical Nessus Plugin ID 61849
SynopsisThe remote Mandrake Linux host is missing one or more security updates.
DescriptionPHP version 3 which ships with Linux-Mandrake are vulnerable to format string attacks due to logging functions that make improper use of the syslog() and vsnprintf() functions. This renders PHP3-enabled servers vulnerable to compromise by remote attackers. This attack is only effective on PHP installations that log errors and warnings while those servers that do not are not affected. By default, Linux-Mandrake systems do not have logging enabled.
SolutionUpdate the affected packages.