linux, säkerhet

90949 2003-02-17  20:26  /76 rader/ Jani Taskinen <sniper@php.net>
Importerad: 2003-02-17  20:26  av Brevbäraren
Extern mottagare: php-announce@lists.php.net
Extern mottagare: php-dev@lists.php.net
Extern mottagare: php-general@lists.php.net
Externa svar till: sniper@php.net
Mottagare: Bugtraq (import) <3529>
Ärende: PHP Security Advisory: CGI vulnerability in PHP version 4.3.0
------------------------------------------------------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


   PHP Security Advisory: CGI vulnerability in PHP version 4.3.0

Issued on: February 17, 2003
Software:  PHP/CGI version 4.3.0
Platforms: All


   The PHP Group has learned of a serious security vulnerability in 
   the CGI SAPI of PHP version 4.3.0. 
   

Description

   PHP contains code for preventing direct access to the CGI binary
   with configure option "--enable-force-cgi-redirect" and php.ini
   option "cgi.force_redirect". In PHP 4.3.0 there is a bug which
   renders these options useless.
   
   NOTE: This bug does NOT affect any of the other SAPI modules.  
         (such as the Apache or ISAPI modules, etc.)


Impact

   Anyone with access to websites hosted on a web server which
   employs  the CGI module may exploit this vulnerability to gain
   access to any file readable by the user under which the webserver
   runs.

   A remote attacker could also trick PHP into executing arbitrary
   PHP code  if attacker is able to inject the code into files
   accessible by the CGI.  This could be for example the web server
   access-logs.


Solution

   The PHP Group has released a new PHP version, 4.3.1, which
   incorporates a fix for the vulnerability. All users of affected
   PHP versions are encouraged to upgrade to this latest version. The
   downloads web site at

      http://www.php.net/downloads.php
   
   has the new 4.3.1 source tarballs, Windows binaries and source
   patch from 4.3.0 available for download. You will only need to
   upgrade if  you're using the CGI module of PHP 4.3.0. There are no
   other bugfixes contained in this release.


Workaround

   None.

 
Credits

   The PHP Group would like to thank Kosmas Skiadopoulos for
   discovering  this vulnerability.


Copyright (c) 2003 The PHP Group.


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE+USOr/HlsOzK2WlERAtLKAJ9GPbPt6Vg77zIcPTGKh78WofmmeACgneDV
tUERfwp/RXtcH13vdv0CGGY=
=rYm5
-----END PGP SIGNATURE-----
(90949) /Jani Taskinen <sniper@php.net>/--(Ombruten)