23rd Jan 2002 [SBWID-5022]
COMMAND
unsecured owner changes are possible
SYSTEMS AFFECTED
chuid-1.2
PROBLEM
Roman Ivanov found two bugs in chuid.
Chuid is a small program to solve a problem created by PHP's
safe_mode, which makes it so that non-webserver owned PHP scripts
can't accept file uploads. It solves this dilemma by allowing files in
a compile time specified upload directory to be re-owned by an
arbitrary user, thus allowing PHP scripts to make use of uploaded
files.
First bug : it is possible to go out of the upload directory using ".."
Second bug : root and webserver owned files may also be re-owned
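Added example (not chuid's code and not the 1.3 fix): one way a helper of this kind can refuse names that leave the upload directory, covering the first bug only. The names inside_upload_dir and make_demo_tree and the temporary directory layout are assumptions made for the illustration.

```c
#define _XOPEN_SOURCE 700   /* realpath(), mkdtemp() */
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>

/* Return 1 only if upload_dir/name, with ".." and symlinks resolved, is a
 * regular file strictly inside upload_dir. Any failure returns 0. */
int inside_upload_dir(const char *upload_dir, const char *name)
{
    char base[PATH_MAX], joined[PATH_MAX], resolved[PATH_MAX];
    struct stat st;
    if (name[0] == '\0' || name[0] == '/') return 0;   /* empty or absolute */
    if (realpath(upload_dir, base) == NULL) return 0;
    if (snprintf(joined, sizeof joined, "%s/%s", base, name) >= (int)sizeof joined)
        return 0;                                      /* truncated: refuse */
    if (realpath(joined, resolved) == NULL) return 0;  /* target must exist */
    size_t n = strlen(base);
    /* Match on a component boundary so "/up" does not accept "/up-other/x". */
    if (strncmp(resolved, base, n) != 0 || resolved[n] != '/') return 0;
    return stat(resolved, &st) == 0 && S_ISREG(st.st_mode);
}

/* Constructed sample layout: <tmp>/upload/a.txt (inside), <tmp>/secret (outside). */
int make_demo_tree(char *up, size_t len)
{
    char root[] = "/tmp/chuid-demo-XXXXXX", path[PATH_MAX];
    const char *files[] = { "upload/a.txt", "secret" };
    FILE *fp;
    if (mkdtemp(root) == NULL) return -1;
    snprintf(up, len, "%s/upload", root);
    if (mkdir(up, 0700) != 0) return -1;
    for (int i = 0; i < 2; i++) {
        snprintf(path, sizeof path, "%s/%s", root, files[i]);
        if ((fp = fopen(path, "w")) == NULL) return -1;
        fclose(fp);
    }
    return 0;
}

int main(void)
{
    char up[PATH_MAX];
    if (make_demo_tree(up, sizeof up) != 0) return 1;
    printf("a.txt=%d ../secret=%d\n", inside_upload_dir(up, "a.txt"),
           inside_upload_dir(up, "../secret"));
    return 0;
}
```

A path that passes this check can still be swapped before the ownership change, so a setuid helper should open the resolved file with O_NOFOLLOW and call fchown() on the descriptor rather than chown() on the name.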
SOLUTION
Upgrade to the latest version
http://srparish.net/scripts/chuid-1.3.tar.gz