<?xml version="1.0" encoding="UTF-8"?>
<glsa id="200311-07">
<title>phpSysInfo: arbitrary code execution and directory traversal</title>
phpSysInfo contains two vulnerabilities that can allow arbitrary code
execution and local directory traversal.
<product type="ebuild">phpSysInfo</product>
<revised>December 30, 2007: 02</revised>
<package name="www-apps/phpsysinfo" auto="yes" arch="*">
<unaffected range="ge">2.1-r1</unaffected>
<vulnerable range="le">2.1</vulnerable>
</package>
phpSysInfo is a PHP system information tool.
phpSysInfo contains two vulnerabilities which could allow local files to be
read or arbitrary PHP code to be executed, under the privileges of the web
server process.
<impact type="normal">
An attacker could read local files or execute arbitrary code with the
permissions of the user running the host web server.
</impact>
There is no known workaround at this time.
It is recommended that all Gentoo Linux users who are running
www-apps/phpsysinfo upgrade to the fixed version:
<code>
# emerge sync
# emerge -pv '&gt;=www-apps/phpsysinfo-2.1-r1'
# emerge '&gt;=www-apps/phpsysinfo-2.1-r1'
# emerge clean</code>
