GLSA 200311-07: phpSysInfo: arbitrary code execution and directory traversal
| Severity: | normal |
| Title: | phpSysInfo: arbitrary code execution and directory traversal |
| Date: | 11/22/2003 |
| Bugs: | |
| ID: | 200311-07 |
Synopsis
phpSysInfo contains two vulnerabilities that can allow arbitrary code execution and local directory traversal.Background
phpSysInfo is a PHP system information tool.
Affected packages
| Package | Vulnerable | Unaffected | Architecture(s) |
|---|---|---|---|
| www-apps/phpsysinfo | <= 2.1 | >= 2.1-r1 | All supported architectures |
Description
phpSysInfo contains two vulnerabilities which could allow local files to be read or arbitrary PHP code to be executed, under the privileges of the web server process.
Impact
An attacker could read local files or execute arbitrary code with the permissions of the user running the host web server.
Workaround
There is no known workaround at this time.
Resolution
It is recommended that all Gentoo Linux users who are running www-apps/phpsysinfo upgrade to the fixed version:
# emerge sync
# emerge -pv '>=www-apps/phpsysinfo-2.1-r1'
# emerge '>=www-apps/phpsysinfo-2.1-r1'
# emerge clean
References
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2010 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.