-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - --------------------------------------------------------------------
GENTOO LINUX SECURITY ANNOUNCEMENT 200211-005
- - --------------------------------------------------------------------

PACKAGE : php & mod_php
SUMMARY : buffer overflow
DATE : 2002-11-20 13:11 UTC
EXPLOIT : local & remote

- - --------------------------------------------------------------------

- From advisory:

Two vulnerabilities exist in mail() PHP function. The first one
allows to execute any program/script bypassing safe_mode restriction,
the second one may give an open-relay script if mail() function is not
carefully used in PHP scripts.

Read the full advisory at
http://marc.theaimsgroup.com/?l=bugtraq&m=103011916928204&w=2

SOLUTION

It is recommended that all Gentoo Linux users who are running
dev-php/php-4.2.2-r1 and/or dev-php/mod_php-4.2.2-r1 and earlier
update their systems as follows:

emerge rsync
emerge php
and/or
emerge mod_php
emerge clean

- - --------------------------------------------------------------------
aliz@g.o - GnuPG key is available at www.gentoo.org/~aliz
rphillips@g.o
- - --------------------------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQE924srfT7nyhUpoZMRAj4XAJ9YugJ+Gvb0+dQbmUJIFPbJJMFEgACgtPNQ
OXAlpSYMVp0CcExWEK2ZQlI=
=kuEw
-----END PGP SIGNATURE-----