First published: Thu Jun 05 2014(Updated: )
It was reported[1] to the full-disclosure mailing list that PHP's configure script uses a predictable filename in /tmp/, "/tmp/phpglibccheck". A local attacker could use this flaw to perform a symbolic link attack against a user building the source RPM or running the configure script. [1] <a href="http://seclists.org/fulldisclosure/2014/Jun/21">http://seclists.org/fulldisclosure/2014/Jun/21</a>
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
PHP PHP | <5.3.29 | |
PHP PHP | >=5.4.0<5.4.30 | |
PHP PHP | >=5.5.0<5.5.14 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.