A bug has been found in the handling of the open_basedir directive handling. Contrary to the specification, the value of open_basedir was handled as a prefix instead of a proper directory name even if it was terminated by a slash (‘/’). For example, this allowed PHP scripts to access the directory /home/user10 when open_basedir was configured to ‘/home/user1/’.
The problem can be corrected by updating your system to the following package versions:
17 October 2005
A security issue affects these releases of Ubuntu and its derivatives:
A bug has been found in the handling of the open_basedir directive handling. Contrary to the specification, the value of open_basedir was handled as a prefix instead of a proper directory name even if it was terminated by a slash (‘/’). For example, this allowed PHP scripts to access the directory /home/user10 when open_basedir was configured to ‘/home/user1/’.
The problem can be corrected by updating your system to the following package versions:
To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.