also sprach John Griffiths (on Tue, 18 Sep 2001 11:03:01AM +0000):
> planning to run apache php mysql webserver with some email duties
> (exim & qpopper in all likelihood)
woody has php 4.0.5 which isn't really that secure. then again,
potato's isn't either. you'll probably want to get a new php module
for apache from unstable (if exists), or compile from source!
this is nessus on one of my woody hosts.
The remote host is running php 4.0.5.
There is a flaw in this version of PHP that allows
local users to circumvent the safe mode and to gain
the uid of the http process.
Solution : Upgrade to PHP 4.0.6
Risk factor : High
martin; (greetings from the heart of the sun.)
\____ echo mailto: !#^."<*>"|tr "<*> mailto:"; net@madduck
--
1-800-psych
hello, welcome to the psychiatric hotline.
if you have multiple personalities, please press 3, 4, 5 and 6.
Attachment:
pgpU0p66qZPxT.pgp
Description: PGP signature