GEN:SID 1:2147
Message WEB-PHP BLNews objects.inc.php4 remote file include attempt
Summary This event is generated when an attempt is made to exploit a weakness in the BLNews php application.
Impact Arbitrary code execution.
Detailed Information This event is generated when an attempt is made to exploit a vulnerability in the BLNews PHP application.

It is possible for an attacker to include a PHP file of his choosing via a URL, the script is processed and executed with the privileges of the user running the webserver.
Affected Systems Any host using BLNews.
Attack Scenarios An attacker could include a PHP file of his choice by including the file name in a URI supplied to the webserver that would in turn process the script.
Ease of Attack Simple.
Corrective Action Check the php implementation on the host.

Check the webserver log files for signs of this activity.

Where possible, ensure the webserver is run as an unprivileged process.

Check the host for signs of compromise.
Additional References Bugtraq:
http://www.securityfocus.com/bid/7677
Rule References bugtraq: 7677
cve: 2003-0394
nessus: 11647