[v2.3] php<5.3.12: PHP-CGI query string parameter vulnerability (CVE-2012-1823)
https://bugs.php.net/bug.php?id=61910
CVE: CVE-2012-1823
KEYWORDS:
php
php-cgi
OVERVIEW
PHP-CGI-based setups contain a vulnerability when parsing query
string parameters from php files.
DESCRIPTION
According to PHP’s website, “PHP is a widely-used general-purpose
scripting language that is especially suited for Web development and
can be embedded into HTML.” When PHP is used in a CGI-based setup
(such as Apache’s mod_cgid), the php-cgi binary receives a processed
query string parameter as command-line arguments. This allows
command-line switches, such as -s, -d or -c, to be passed to the
php-cgi binary, which can be exploited to disclose source code and
obtain arbitrary code execution.
An example of the -s switch, which allows an attacker to view the
source code of index.php, is below:
http://localhost/index.php?-s
IMPACT
A remote unauthenticated attacker could obtain sensitive information,
cause a denial of service condition or may be able to execute
arbitrary code with the privileges of the web server.
SOLUTION
We are currently unaware of a practical solution to this problem.
REFERENCES
http://www.php.net/
http://www.php.net/manual/en/security.cgi-bin.php
CREDIT
Thanks to De Eindbazen for reporting this vulnerability.
This document was written by Michael Orlando.
(from redmine: issue id 1126, created on 2012-05-07, closed on 2012-05-09)
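The following is an added detection example, not part of the original advisory or of the PHP project: it scans web server access log lines for requests whose query string would reach php-cgi as a command-line switch. It assumes a combined-format access log, that only .php paths are mapped to php-cgi, and the RFC 3875 section 4.4 rule that a query string without an unencoded "=" is split on "+" and percent-decoded into arguments; the function names and log lines are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Request line inside a combined-format access log entry (assumed format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample log lines (documentation IP range), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [07/May/2012:09:00:01 +0000] "GET /index.php?-s HTTP/1.1" 200 512',
    '192.0.2.10 - - [07/May/2012:09:00:02 +0000] "GET /index.php?%2Ds HTTP/1.1" 200 512',
    '192.0.2.11 - - [07/May/2012:09:00:03 +0000] "GET /index.php?page=-s HTTP/1.1" 200 900',
    '192.0.2.12 - - [07/May/2012:09:00:04 +0000] "GET /style.css?-s HTTP/1.1" 200 120',
]


def cgi_argv(query):
    """Return the arguments a CGI server derives from a query string.

    A query containing an unencoded '=' is form data and yields no
    arguments; otherwise it is split on '+' and each word is decoded.
    """
    if not query or "=" in query:
        return []
    return [unquote(word) for word in query.split("+") if word]


def suspicious_switches(log_line):
    """Return the switch-like arguments this request would hand to php-cgi."""
    match = REQUEST_RE.search(log_line)
    if not match or "?" not in match.group(1):
        return []
    path, query = match.group(1).split("?", 1)
    if not path.lower().endswith(".php"):  # assumption: only .php hits php-cgi
        return []
    # Check after decoding, so an encoded leading '-' is still caught.
    return [arg for arg in cgi_argv(query) if arg.lstrip().startswith("-")]


def flagged(lines):
    """Return (line_number, switches) for every log line worth reviewing."""
    hits = ((n, suspicious_switches(line)) for n, line in enumerate(lines, 1))
    return [(n, switches) for n, switches in hits if switches]


if __name__ == "__main__":
    for number, switches in flagged(SAMPLE_LOG):
        print(f"line {number}: php-cgi would receive {switches}")
```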
- Changesets:
- Revision b1eaed0b by Natanael Copa on 2012-05-07T08:57:29Z:
main/php: security upgrade to 5.3.12 (CVE-2012-1823)
fixes #1126