playsmsd (symlinked to playsmsd.php or copied from playsmsd.php) must not be running as root.
This is because of the previous vulnerability that allowed an attacker to modify PHP files. While that bug was already fixed in 1.4.2, if by any means an attacker can modify any playSMS PHP file, that PHP file might be loaded by playsmsd, so running playsmsd as root is dangerous.
What you can do right now:
- Make sure that you’re using playSMS 1.4.2
- Make sure that your playsmsd (or playsmsd.php) is not running as root
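One way to run the second check, as an added example rather than playSMS code: the function below reads process listings and reports any playsmsd or playsmsd.php process whose effective UID is 0, including when the script is started through the php interpreter. It assumes a Linux procps `ps`; the function names, sample process lines and paths are constructed for illustration.

```shell
#!/bin/sh
# Added example (not part of playSMS): flag playsmsd daemons running as root.

# Reads "EUID PID ARGS..." lines on stdin and prints "PID ARGS" for every
# playsmsd / playsmsd.php process with effective UID 0. Matching on the numeric
# UID also catches accounts other than "root" that map to UID 0.
find_root_playsmsd() {
    awk '
    function base(p,   n, parts) { n = split(p, parts, "/"); return parts[n] }
    function is_daemon(name) { return name == "playsmsd" || name == "playsmsd.php" }
    {
        euid = $1; pid = $2; cmd = base($3)
        hit = is_daemon(cmd)
        # Started through the interpreter: the script is the first argument
        # that is not an option, e.g. "php -q /path/to/playsmsd ...".
        if (!hit && cmd ~ /^php[0-9.]*$/) {
            for (i = 4; i <= NF; i++) {
                if ($i ~ /^-/) continue
                hit = is_daemon(base($i))
                break
            }
        }
        if (hit && euid == 0) {
            args = $0
            sub(/^[ \t]*[0-9]+[ \t]+[0-9]+[ \t]+/, "", args)  # drop EUID and PID
            print pid " " args
        }
    }'
}

# Live check: non-zero exit status if any playsmsd process runs as root.
check_live() {
    offenders=$(ps -e -o euid= -o pid= -o args= | find_root_playsmsd)
    [ -z "$offenders" ] && return 0
    printf 'playsmsd running as root:\n%s\n' "$offenders" >&2
    return 1
}

# Constructed sample input (not captured from a real host).
SAMPLE_PS='    0  1201 /usr/bin/php -q /usr/local/bin/playsmsd /etc/playsmsd.conf schedule
   33  1305 /usr/bin/php -q /usr/local/bin/playsmsd /etc/playsmsd.conf sendsmsd
    0  1410 vi /usr/local/bin/playsmsd.php
    0  1502 /usr/local/bin/playsmsd.php start
 1000  1603 grep playsmsd'

if [ "${1:-}" = "--live" ]; then
    check_live || exit 1
fi
```

Run the script with `--live` on the playSMS host; an editor or `grep` that merely mentions the file name is not reported, only processes that execute it.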