The e-matters team have found multiple remotely exploitable vulnerabilites in the source code responsible for file upload in the apache modules mod_php and mod_php4 (versions 3 and 4). The weakness can be used to have the webserver execute arbitrary code as supplied by the attacker.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
openSUSE | 7.0 | alpha | mod_php4 | < 4.0.4pl1-44 | mod_php4-4.0.4pl1-44.alpha.rpm |
openSUSE | 7.3 | ppc | mod_php4 | < 4.0.6-87 | mod_php4-4.0.6-87.ppc.rpm |
openSUSE | 7.3 | i386 | mod_php4-servlet | < 4.0.6-148 | mod_php4-servlet-4.0.6-148.i386.rpm |
openSUSE | 7.1 | alpha | mod_php4-roxen | < 4.0.4pl1-44 | mod_php4-roxen-4.0.4pl1-44.alpha.rpm |
openSUSE | 7.0 | ppc | mod_php4 | < 4.0.4pl1-36 | mod_php4-4.0.4pl1-36.ppc.rpm |
openSUSE | 7.0 | i386 | mod_php | < 3.0.17RC1-54 | mod_php-3.0.17RC1-54.i386.rpm |
openSUSE | 7.0 | sparc | mod_php4 | < 4.0.4pl1-37 | mod_php4-4.0.4pl1-37.sparc.rpm |
openSUSE | 6.4 | i386 | mod_php | < 3.0.16-79 | mod_php-3.0.16-79.i386.rpm |
openSUSE | 7.1 | i386 | mod_php4-roxen | < 4.0.4pl1-126 | mod_php4-roxen-4.0.4pl1-126.i386.rpm |
openSUSE | 7.3 | i386 | mod_php4 | < 4.0.6-148 | mod_php4-4.0.6-148.i386.rpm |