suphp -- multiple local privilege escalation vulnerabilities

ID FB672330-02DB-11DD-BD06-0017319806E7
Type freebsd
Reporter FreeBSD
Modified 2010-05-12T00:00:00


Multiple local privilege escalation are found in the symlink verification code. An attacker may use it to run a PHP script with the victim's privilege. This attack is a little harder when suphp operates in paranoid mode. For suphp that runs in owner mode which is the default in ports, immediate upgrade to latest version is advised.