[v2.4] php<5.3.12: PHP-CGI query string parameter vulnerability (CVE-2012-1823)
PHP-CGI-based setups contain a vulnerability when parsing query
string parameters from php files.
According to PHP’s website, “PHP is a widely-used general-purpose
scripting language that is especially suited for Web development and
can be embedded into HTML.” When PHP is used in a CGI-based setup
(such as Apache’s mod_cgid), the php-cgi receives a processed query
string parameter as command line arguments which allows command-line
switches, such as -s, -d or -c to be passed to the php-cgi binary,
which can be exploited to disclose source code and obtain arbitrary
An example of the -s command, allowing an attacker to view the source
code of index.php is below:
A remote unauthenticated attacker could obtain sensitive information,
cause a denial of service condition or may be able to execute
arbitrary code with the privileges of the web server.
We are currently unaware of a practical solution to this problem.
Thanks to De Eindbazen for reporting this vulnerability.
This document was written by Michael Orlando.
(from redmine: issue id 1121, created on 2012-05-04, closed on 2012-05-07)
- Revision 3094cc97 by Natanael Copa on 2012-05-07T08:48:33Z:
main/php: security upgrade to 5.3.12 (CVE-2012-1823) fixes #1121
- Revision ef73ee2d by Natanael Copa on 2012-05-07T08:48:58Z:
main/php: security upgrade to 5.3.12 (CVE-2012-1823) fixes #1121 (cherry picked from commit 3094cc97b38c43163f36e8de49b1be8a57f0d7cc)