php-cgi remote Arbitrary Code Execution Vulnerability (cve-2012-1823) fix scenario

The first introduction to this vulnerability, in fact, when Apache calls the PHP interpreter to explain the. php file, the URL parameter will be passed to the PHP interpreter, if the URL after the command line switch (such as-s,-D,-C or

-dauto_prepend_file%3d/etc/passwd+-n), can lead to source code leaks and arbitrary code execution. 　　This vulnerability affects previous versions of php-5.3.12, mod mode, and FPM mode are unaffected. 　　Since the appearance, then fill it, the following are their own experience, in the spirit of open source, do a share, welcome message!　　　　Three options: 1. Upgrade PHP version, (php-5.3.12 or above version);　　　　2. Make a fuss on Apache, open the URL filter, the dangerous command line parameters to filter out, because this method of patching is relatively simple, using more. Practice: Modify the http.conf file to find <Directory/> add the following three lines rewriteengine on Rewritecond%{query_string} ^ (%2d|-) [^= ]+$ [NC] rewriterule ^ (. *) $ $? [L]

　　　Reboot Apache, but take into account that the equivalent of each request will be a URL filter, if the traffic is large, it may increase the burden of Apache.

3. With PHP patches, I personally prefer this.

Patch: HTTPS://EINDBAZEN.NET/2012/05/PHP-CGI-ADVISORY-CVE-2012-1823/

Patch effect: In fact, it is added a judgment, if it is the normal CGI, command line-s and other parameters will no longer be processed, unfortunately, when the verification, patch and I was the PHP version inconsistent, so the patch has not been hit.

Later simply change the source bar, the patch manually hit, involving sapi/cgi/cgi_main.c this file. In the main function, the search php_getopt is replaced with the following line, with a total of two places.

if (!cgi) while ((c = php_getopt (argc, argv, OPTIONS, &php_optarg, &php_optind, 0))! =-1)

After the replacement is the recompile installation, after I verify the perfect solution.

Finally upload the cgi_main.c file, there is a need to directly download the overlay.

: Http://files.cnblogs.com/files/virgree/cgi_main.rar

php-cgi remote Arbitrary Code Execution Vulnerability (cve-2012-1823) fix scenario