====================================================================
                          CERT-Renater

              Information Note No. 2012/VULN206
____________________________________________________________________

DATE                 : 03/05/2012

HARDWARE PLATFORM(S) : /

OPERATING SYSTEM(S)  : Systems running PHP.

======================================================================
http://www.kb.cert.org/vuls/id/520827
______________________________________________________________________

Vulnerability Note VU#520827

PHP-CGI query string parameter vulnerability

Original Release date: 03 May 2012 | Last revised: 03 May 2012

Overview

PHP-CGI-based setups contain a vulnerability when parsing query string
parameters from php files.

Description

According to PHP's website, "PHP is a widely-used general-purpose
scripting language that is especially suited for Web development and
can be embedded into HTML." When PHP is used in a CGI-based setup (such
as Apache's mod_cgid), php-cgi receives the processed query string as
command-line arguments. This allows command-line switches, such as -s,
-d or -c, to be passed to the php-cgi binary, which can be exploited to
disclose source code and obtain arbitrary code execution.

An example of the -s switch, which allows an attacker to view the source
code of index.php, is below:

    http://localhost/index.php?-s

Additional information can be found in the vulnerability reporter's
blog post.

Impact

A remote unauthenticated attacker could obtain sensitive information,
cause a denial of service condition or may be able to execute arbitrary
code with the privileges of the web server.

Solution

We are currently unaware of a practical solution to this problem.

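
Added example, not part of the CERT/CC note or of PHP: a log check for the condition described above, where a query string reaches php-cgi as command-line switches. It assumes access logs in Apache combined format and the RFC 3875 rule that a query string with no unencoded "=" is split on "+", URL-decoded and passed as arguments; the function names and sample log lines are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Request field of a combined-format access log line: "METHOD target PROTOCOL"
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample log lines (not taken from any real system).
SAMPLE_LOG = [
    '192.0.2.10 - - [03/May/2012:10:00:00 +0000] "GET /index.php?-s HTTP/1.1" 200 512',
    '192.0.2.11 - - [03/May/2012:10:00:05 +0000] "GET /index.php?id=5&sort=-date HTTP/1.1" 200 900',
    '192.0.2.12 - - [03/May/2012:10:00:09 +0000] "GET /search.php?php+cgi HTTP/1.1" 200 300',
]

def query_becomes_argv(target):
    """Return the words a CGI server would pass as command-line arguments."""
    if "?" not in target:
        return []
    query = target.split("?", 1)[1]
    # RFC 3875 section 4.4: a query string containing an unencoded "="
    # is form data and is not placed on the command line.
    if not query or "=" in query:
        return []
    # Words are separated by "+" and URL-decoded; decode before matching
    # so the check sees the same text the binary would receive.
    return [unquote(word) for word in query.split("+")]

def suspicious_switches(target):
    """Arguments that the php-cgi binary would interpret as switches."""
    return [arg for arg in query_becomes_argv(target) if arg.startswith("-")]

def scan(lines):
    """Return (request target, switches) for every log line worth reviewing."""
    hits = []
    for line in lines:
        match = REQUEST_RE.search(line)
        if not match:
            continue
        switches = suspicious_switches(match.group(1))
        if switches:
            hits.append((match.group(1), switches))
    return hits

if __name__ == "__main__":
    for target, switches in scan(SAMPLE_LOG):
        print("review:", target, "switches:", switches)
```
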
Vendor Information

Vendor           Status     Date Notified   Date Updated
The PHP Group    Affected   23 Feb 2012     03 May 2012

CVSS Metrics

Group           Score   Vector
Base            9,0     AV:N/AC:L/Au:N/C:C/I:P/A:P
Temporal        8,5     E:F/RL:U/RC:C
Environmental   8,7     CDP:L/TD:H/CR:ND/IR:ND/AR:ND

References

http://www.php.net/
http://www.php.net/manual/en/security.cgi-bin.php
http://eindbazen.net/2012/05/php-cgi-advisory-cve-2012-1823/

Credit

Thanks to De Eindbazen for reporting this vulnerability.

This document was written by Michael Orlando.

Other Information

CVE IDs:              CVE-2012-1823
Date Public:          03 May 2012
Date First Published: 03 May 2012
Date Last Updated:    03 May 2012
Document Revision:    15

Feedback

If you have feedback, comments, or additional information about this
vulnerability, please send us email.

======================================================================

=========================================================
CERT-Renater reference server
https://services.renater.fr/ssi/
=========================================================
+ CERT-RENATER          | tel : 01-53-94-20-44          +
+ 23 - 25 Rue Daviel    | fax : 01-53-94-20-41          +
+ 75013 Paris           | email: certsvp@renater.fr     +
=========================================================