PHP < 4.1.0 Safe Mode Mail Function Command Execution

Medium severity; Log Correlation Engine Plugin ID 801103

Synopsis

N/A

Description

The remote host is running PHP 4.0.5. A flaw in this version allows local users to circumvent safe mode and gain the UID of the HTTP process.

Solution

Upgrade to PHP 4.1.0.

Plugin Details

Severity: Medium

ID: 801103

Family: Web Servers

Nessus ID: 10701, 13960, 12307

Reference Information

CVE: CVE-2001-1246

BID: 2954