CVE-2004-0530

Name of the Vulnerable Software and Affected Versions PHP package in Slackware versions 8.1 through 9.1

Description The issue allows local users to execute arbitrary code as the PHP user by inserting shared libraries into the appropriate path because the PHP package, when linked against a static library, includes /tmp in the search path.

Recommendations For Slackware versions 8.1 through 9.1, consider restricting access to the /tmp directory to prevent local users from inserting malicious shared libraries. As a temporary workaround, avoid using static libraries with the PHP package until a proper fix is applied. At the moment, there is no information about a newer version that contains a fix for this vulnerability.