Slackware 8.1 / 9.0 / 9.1 / current : PHP local security issue (SSA:2004-154-02)

high Nessus Plugin ID 18778

Synopsis

The remote Slackware host is missing a security update.

Description

New PHP packages are available for Slackware 8.1, 9.0, 9.1, and
-current to fix a security issue. These fix a problem in previous Slackware php packages where linking PHP against a static library in an insecure path (under /tmp) could allow a local attacker to place shared libraries at this location causing PHP to crash, or to execute arbitrary code as the PHP user (which is by default, 'nobody'). Thanks to Bryce Nichols for researching and reporting this issue.

Solution

Update the affected php package.

See Also

http://www.nessus.org/u?68b95e12

Plugin Details

Severity: High

ID: 18778

File Name: Slackware_SSA_2004-154-02.nasl

Version: 1.16

Type: local

Published: 7/13/2005

Updated: 1/14/2021

Supported Sensors: Nessus

Vulnerability Information

CPE: p-cpe:/a:slackware:slackware_linux:php, cpe:/o:slackware:slackware_linux, cpe:/o:slackware:slackware_linux:8.1, cpe:/o:slackware:slackware_linux:9.0, cpe:/o:slackware:slackware_linux:9.1

Required KB Items: Host/local_checks_enabled, Host/Slackware/release, Host/Slackware/packages

Patch Publication Date: 6/2/2004

Vulnerability Publication Date: 6/2/2004

Reference Information

SSA: 2004-154-02