The Debian GNU/Linux /etc/cron.d/php5 cron job for PHP 5.3.5 allows local users to delete arbitrary files via a symlink attack on a directory under /var/lib/php5/.
Stephane Chazelas discovered that the cronjob of the PHP 5 package in
Debian suffers from a race condition which might be used to remove
arbitrary files from a system (CVE-2011-0441).
When upgrading your php5-common package take special care to accept
the changes to the /etc/cron.d/php5 file. Ignoring them would leave the
system vulnerable.
For the ...
Debian Bug report logs - #581170
php5 crypt() does not complete with empty salt
Package: php5;
Maintainer for php5 is Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>; Source for php5 is src:php5
Reported by: "Raoul Bhatia [IPAX]" <rbhatia@ipax.at>
Date: Tue, 11 May 2010 10:33:01 ...