Ubuntu Security Notice USN-207-1
17th October, 2005
php4 vulnerability
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 5.04
- Ubuntu 4.10
Details
A bug has been found in the handling of the open_basedir directive
handling. Contrary to the specification, the value of open_basedir
was handled as a prefix instead of a proper directory name even if it
was terminated by a slash ('/'). For example, this allowed PHP scripts
to access the directory /home/user10 when open_basedir was configured
to '/home/user1/'.
Update instructions
The problem can be corrected by updating your system to the following package version:
- Ubuntu 5.04:
- libapache2-mod-php4
- libapache-mod-php4
- Ubuntu 4.10:
- libapache2-mod-php4
- libapache-mod-php4
To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.
None