FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

suphp -- multiple local privilege escalation vulnerabilities

Affected packages
suphp < 0.6.3

Details

VuXML ID fb672330-02db-11dd-bd06-0017319806e7
Discovery 2008-03-30
Entry 2008-04-05
Modified 2010-05-12

Multiple local privilege escalation vulnerabilities were found in the symlink verification code. An attacker may use them to run a PHP script with the victim's privileges. This attack is a little harder when suphp operates in paranoid mode. For suphp running in owner mode, which is the default in ports, an immediate upgrade to the latest version is advised.

References

Bugtraq ID 28568
CVE Name CVE-2008-1614
URL http://lists.marsching.biz/pipermail/suphp/2008-March/001750.html