Login or Register to Ask a Question and Join Our Community


Security Advisories (RSS)

S-278: suphp Vulnerability

Login to Discuss or Reply to this Discussion in Our Community

 
Thread Tools Search this Thread
Special Forums Cybersecurity Security Advisories (RSS) S-278: suphp Vulnerability
# 1  
Old 04-25-2008
S-278: suphp Vulnerability
It was discovered that suphp, an Apache module to run PHP scripts with owner permissions handles symlinks insecurely, which may lead to privilege escalation by local users. The risk is LOW. May lead to privilege escalation by local users.


More...
Login or Register to Ask a Question

Previous Thread | Next Thread

5 More Discussions You Might Find Interesting

1. IP Networking

Common Vulnerability

Hi there, I am trying to find info about the commonly used ports and how it can be vulnerable and to identify them? For example, I would like to identify how to man-in-the-middle using these ports 21(FTP),22(SSH),23(TELNET), (1 Reply)
Discussion started by: alvinoo
1 Replies

2. News, Links, Events and Announcements

Bash vulnerability

Not sure if there is a post about it here somewhere already. Anyway: Remote exploit vulnerability in bash CVE-2014-6271 | CSO Online (3 Replies)
Discussion started by: zaxxon
3 Replies

3. UNIX for Advanced & Expert Users

suPHP stopped working after dist-upgrade

Hi all, My server was Debian Etch (4) and had a working suPHP module (version 0.6.2-1). After I dist-upgraded it to Lenny (Debian 5), suPHP (version 0.6.2-3) stopped working. I read in the mailing list that I should change the settings of /etc/suphp/suphp.conf to this form: ;Handler... (1 Reply)
Discussion started by: mjdousti
1 Replies

4. UNIX for Dummies Questions & Answers

How to setup Apache + mod_fcgi + suphp?

Hello. Could you please post an example of configuration of Apache + mod_fcgi + suphp? Till now I can get to work only either mod_fcgi or suphp, but not together. As I understand, suphp binary should be called from FCGIWrapper directive, but it always says, that SCRIPT_NAME variable is not... (0 Replies)
Discussion started by: FractalizeR
0 Replies

5. Cybersecurity

SNMP Vulnerability

SNMP Vulnerability: In a few minutes wire services and other news sources will begin breaking a story about widespread vulnerabilities in SNMP (Simple Network Management Protocol). Exploits of the vulnerability cause systems to fail or to be taken over. The vulnerability can be found in... (1 Reply)
Discussion started by: dpatel
1 Replies
Login or Register to Ask a Question

LEARN ABOUT PHP

umask

UMASK(3)								 1								  UMASK(3)

umask - Changes the current umask

SYNOPSIS

       int umask ([int	$mask])

DESCRIPTION

       umask(3)  sets PHP's umask to $mask & 0777 and returns the old umask. When PHP is being used as a server module, the umask is restored when
       each request is finished.

PARAMETERS

	      o $mask
		- The new umask.

RETURN VALUES

       umask(3) without arguments simply returns the current umask otherwise the old umask is returned.

EXAMPLES

       Example #1

	      umask(3) example

	      <?php
	      $old = umask(0);
	      chmod("/path/some_dir/some_file.txt", 0755);
	      umask($old);

	      // Checking
	      if ($old != umask()) {
		  die('An error occurred while changing back the umask');
	      }
	      ?>

NOTES

       Note

	       Avoid using this function in multithreaded webservers. It is better to change the file permissions with chmod(3) after creating the
	      file.  Using  umask(3) can lead to unexpected behavior of concurrently running scripts and the webserver itself because they all use
	      the same umask.

PHP Documentation Group 														  UMASK(3)