6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.078 Low
EPSS
Percentile
93.3%
Stephane Chazelas discovered that the cronjob of the PHP 5 package in
Debian suffers from a race condition which might be used to remove
arbitrary files from a system (CVE-2011-0441).
When upgrading your php5-common package take special care to accept
the changes to the /etc/cron.d/php5 file. Ignoring them would leave the
system vulnerable.
For the oldstable distribution (lenny), this problem has been fixed in
version 5.2.6.dfsg.1-1+lenny10.
For the stable distribution (squeeze), this problem has been fixed in
version 5.3.3-7+squeeze1.
For the unstable distribution (sid), this problem has been fixed in
version 5.3.6-1.
Additionally, the following vulnerabilities have also been fixed in the
oldstable distribution (lenny):
We recommend that you upgrade your php5 packages.