phpSysInfo: arbitrary code execution and directory traversal

1.  Gentoo Linux Security Advisory

Version Information

Advisory Reference: GLSA 200311-07 / phpSysInfo
Release Date: November 22, 2003
Latest Revision: December 30, 2007: 02
Impact: normal
Exploitable: local

Package: www-apps/phpsysinfo
Vulnerable versions: <= 2.1
Unaffected versions: >= 2.1-r1
Architecture(s): All supported architectures

Related bugreports: #26782

Synopsis

phpSysInfo contains two vulnerabilities that can allow arbitrary code execution and local directory traversal.

2.  Impact Information

Background

phpSysInfo is a PHP system information tool.

Description

phpSysInfo contains two vulnerabilities which could allow local files to be read or arbitrary PHP code to be executed, under the privileges of the web server process.

Impact

An attacker could read local files or execute arbitrary code with the permissions of the user running the host web server.

3.  Resolution Information

Workaround

There is no known workaround at this time.

Resolution

It is recommended that all Gentoo Linux users who are running www-apps/phpsysinfo upgrade to the fixed version:

Code Listing 3.1: Resolution

# emerge sync
# emerge -pv '>=www-apps/phpsysinfo-2.1-r1'
# emerge '>=www-apps/phpsysinfo-2.1-r1'
# emerge clean
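
The following check is an added example, not part of the advisory or of Portage: it reads a Portage installed-package database and flags any www-apps/phpsysinfo version below the fixed 2.1-r1. It assumes the standard /var/db/pkg layout and handles only dotted-numeric versions with an optional -rN revision; the function names are hypothetical.

```python
import os
import re
import tempfile

PKG_CATEGORY, PKG_NAME = "www-apps", "phpsysinfo"
FIRST_FIXED = "2.1-r1"  # from the advisory: <= 2.1 vulnerable, >= 2.1-r1 unaffected

# Assumption: dotted-numeric versions with an optional -rN revision only
# (no _alpha/_p suffixes, no leading zeros); this covers the versions named here.
_VERSION_RE = re.compile(r"^((?:0|[1-9]\d*)(?:\.(?:0|[1-9]\d*))*)(?:-r(\d+))?$")


def version_key(version):
    """Return a sortable key: (numeric components, revision number)."""
    m = _VERSION_RE.match(version)
    if m is None:
        raise ValueError(f"unsupported version syntax: {version!r}")
    return tuple(int(p) for p in m.group(1).split(".")), int(m.group(2) or 0)


def is_vulnerable(version):
    """True when the version sorts below the first fixed revision."""
    return version_key(version) < version_key(FIRST_FIXED)


def installed_versions(vdb_root="/var/db/pkg"):
    """List installed versions from <vdb_root>/www-apps/phpsysinfo-<ver>."""
    category_dir = os.path.join(vdb_root, PKG_CATEGORY)
    if not os.path.isdir(category_dir):
        return []
    prefix = PKG_NAME + "-"
    return sorted(
        entry[len(prefix):]
        for entry in os.listdir(category_dir)
        if entry.startswith(prefix) and _VERSION_RE.match(entry[len(prefix):])
    )


def audit(vdb_root="/var/db/pkg"):
    """Map each installed version to 'VULNERABLE' or 'ok'."""
    return {v: "VULNERABLE" if is_vulnerable(v) else "ok"
            for v in installed_versions(vdb_root)}


if __name__ == "__main__":
    # Constructed sample database so the example runs on any host.
    with tempfile.TemporaryDirectory() as root:
        for pf in ("phpsysinfo-2.1", "phpsysinfo-2.1-r1"):
            os.makedirs(os.path.join(root, PKG_CATEGORY, pf))
        print(audit(root))
```

On a Gentoo host, calling `audit()` with no argument inspects the live database under /var/db/pkg.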

4.  References



Page updated November 22, 2003
