[v2.1] php<5.3.12: PHP-CGI query string parameter vulnerability (CVE-2012-1823) (#1129) · Issues · alpine / aports

[v2.1] php<5.3.12: PHP-CGI query string parameter vulnerability (CVE-2012-1823)

https://bugs.php.net/bug.php?id=61910

CVE: CVE-2012-1823

KEYWORDS:
php
php-cgi

OVERVIEW

PHP-CGI-based setups contain a vulnerability when parsing query
string parameters from php files.

DESCRIPTION

According to PHP’s website, “PHP is a widely-used general-purpose
scripting language that is especially suited for Web development and
can be embedded into HTML.” When PHP is used in a CGI-based setup
(such as Apache’s mod_cgid), the php-cgi receives a processed query
string parameter as command line arguments which allows command-line
switches, such as -s, -d or -c to be passed to the php-cgi binary,
which can be exploited to disclose source code and obtain arbitrary
code execution.

An example of the -s command, allowing an attacker to view the source
code of index.php is below:
http://localhost/index.php?-s

IMPACT

A remote unauthenticated attacker could obtain sensitive information,
cause a denial of service condition or may be able to execute
arbitrary code with the privileges of the web server.

SOLUTION

We are currently unaware of a practical solution to this problem.

REFERENCES

http://www.php.net/
http://www.php.net/manual/en/security.cgi-bin.php

CREDIT

Thanks to De Eindbazen for reporting this vulnerability.

This document was written by Michael Orlando.

(from redmine: issue id 1129, created on 2012-05-07, closed on 2012-05-09)

Changesets:
- Revision 8ebfedc6 by Natanael Copa on 2012-05-07T08:59:26Z:

main/php: security upgrade to 5.3.12 (CVE-2012-1823)

fixes #1129

To upload designs, you'll need to enable LFS and have admin enable hashed storage. More information