[v2.4] php<5.3.12: PHP-CGI query string parameter vulnerability (CVE-2012-1823)
https://bugs.php.net/bug.php?id=61910
CVE: CVE-2012-1823
KEYWORDS:
php
php-cgi
OVERVIEW
PHP-CGI-based setups contain a vulnerability when parsing query
string parameters from PHP files.
DESCRIPTION
According to PHP’s website, “PHP is a widely-used general-purpose
scripting language that is especially suited for Web development and
can be embedded into HTML.” When PHP is used in a CGI-based setup
(such as Apache’s mod_cgid), the php-cgi binary receives a processed
query string parameter as command-line arguments, which allows
command-line switches such as -s, -d or -c to be passed to the
php-cgi binary. This can be exploited to disclose source code and
obtain arbitrary code execution.
An example of the -s switch, which allows an attacker to view the
source code of index.php, is below:
http://localhost/index.php?-s
IMPACT
A remote unauthenticated attacker could obtain sensitive information,
cause a denial of service condition or may be able to execute
arbitrary code with the privileges of the web server.
SOLUTION
We are currently unaware of a practical solution to this problem.
REFERENCES
http://www.php.net/
http://www.php.net/manual/en/security.cgi-bin.php
CREDIT
Thanks to De Eindbazen for reporting this vulnerability.
This document was written by Michael Orlando.
(from redmine: issue id 1121, created on 2012-05-04, closed on 2012-05-07)
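The DESCRIPTION above says the query string reaches php-cgi as command-line arguments. The following is an added example, not part of the advisory or of the Alpine package: a log check that flags requests whose query string a CGI server would pass as arguments (RFC 3875 section 4.4: no unencoded "=") and whose first characters form a switch. The function names, the Common Log Format input and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

# Request field of a Common Log Format line: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')


def query_becomes_argv(query):
    """True if a CGI server would hand this query string to the program as
    command-line arguments (RFC 3875 4.4: it contains no unencoded '=')."""
    return bool(query) and "=" not in query


def is_switch_injection(request_target):
    """True if the query would reach php-cgi as an argument starting with
    '-', i.e. would be read as a command-line switch such as -s."""
    _path, sep, query = request_target.partition("?")
    if not sep or not query_becomes_argv(query):
        return False
    # The server splits the search string on '+' and percent-decodes each word.
    words = [unquote(word) for word in query.split("+")]
    return any(word.startswith("-") for word in words)


def scan(log_lines):
    """Return the request targets in log_lines that match the pattern."""
    hits = []
    for line in log_lines:
        match = REQUEST_RE.search(line)
        if match and is_switch_injection(match.group(1)):
            hits.append(match.group(1))
    return hits


# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [04/May/2012:10:00:01 +0000] "GET /index.php?-s HTTP/1.1" 200 512',
    '192.0.2.10 - - [04/May/2012:10:00:02 +0000] "GET /index.php?%2Ds HTTP/1.1" 200 512',
    '198.51.100.7 - - [04/May/2012:10:00:03 +0000] "GET /index.php?page=2 HTTP/1.1" 200 900',
    '198.51.100.7 - - [04/May/2012:10:00:04 +0000] "GET /search.php?q=-s HTTP/1.1" 200 900',
    '198.51.100.7 - - [04/May/2012:10:00:05 +0000] "GET /list.php?php+cgi HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for target in scan(SAMPLE_LOG):
        print("suspicious:", target)
```

Ordinary key=value queries and dash-free search words are not flagged, so the check stays quiet on normal traffic while catching both the literal and percent-encoded forms of the switch.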
- Changesets:
- Revision 3094cc97 by Natanael Copa on 2012-05-07T08:48:33Z:
main/php: security upgrade to 5.3.12 (CVE-2012-1823)
fixes #1121
- Revision ef73ee2d by Natanael Copa on 2012-05-07T08:48:58Z:
main/php: security upgrade to 5.3.12 (CVE-2012-1823)
fixes #1121
(cherry picked from commit 3094cc97b38c43163f36e8de49b1be8a57f0d7cc)