php-cgi remote Arbitrary Code Execution Vulnerability (cve-2012-1823) fix scenario

Source: Internet
Author: User
Tags cve

The first introduction to this vulnerability, in fact, when Apache calls the PHP interpreter to explain the. php file, the URL parameter will be passed to the PHP interpreter, if the URL after the command line switch (such as-s,-D,-C or

-dauto_prepend_file%3d/etc/passwd+-n), can lead to source code leaks and arbitrary code execution.   This vulnerability affects previous versions of php-5.3.12, mod mode, and FPM mode are unaffected.   Since the appearance, then fill it, the following are their own experience, in the spirit of open source, do a share, welcome message!    Three options: 1. Upgrade PHP version, (php-5.3.12 or above version);    2. Make a fuss on Apache, open the URL filter, the dangerous command line parameters to filter out, because this method of patching is relatively simple, using more. Practice: Modify the http.conf file to find <Directory/> add the following three lines rewriteengine on Rewritecond%{query_string} ^ (%2d|-) [^= ]+$ [NC] rewriterule ^ (. *) $ $? [L]

   Reboot Apache, but take into account that the equivalent of each request will be a URL filter, if the traffic is large, it may increase the burden of Apache.

3. With PHP patches, I personally prefer this.

Patch: HTTPS://EINDBAZEN.NET/2012/05/PHP-CGI-ADVISORY-CVE-2012-1823/

Patch effect: In fact, it is added a judgment, if it is the normal CGI, command line-s and other parameters will no longer be processed, unfortunately, when the verification, patch and I was the PHP version inconsistent, so the patch has not been hit.

Later simply change the source bar, the patch manually hit, involving sapi/cgi/cgi_main.c this file. In the main function, the search php_getopt is replaced with the following line, with a total of two places.

if (!cgi) while ((c = php_getopt (argc, argv, OPTIONS, &php_optarg, &php_optind, 0))! =-1)

After the replacement is the recompile installation, after I verify the perfect solution.

Finally upload the cgi_main.c file, there is a need to directly download the overlay.

: Http://files.cnblogs.com/files/virgree/cgi_main.rar

php-cgi remote Arbitrary Code Execution Vulnerability (cve-2012-1823) fix scenario

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.