php: arbitrary file access and code execution

Package(s): php, mod_php
CVE #(s):
Created: February 18, 2003
Updated: February 19, 2003
Description: Kosmas Skiadopoulos discovered a serious security vulnerability [0] in the CGI SAPI of PHP version 4.3.0. PHP [1] contains code for preventing direct access to the CGI binary with configure option "--enable-force-cgi-redirect" and php.ini option "cgi.force_redirect". In PHP 4.3.0 there is a bug which renders these options useless. Please note that this bug does NOT affect any of the other SAPI modules such as the Apache or ISAPI modules.

Anyone with access to websites hosted on a web server which employs the CGI module may exploit this vulnerability to gain access to any file readable by the user under which the web server runs. A remote attacker could also trick PHP into executing arbitrary PHP code if the attacker is able to inject the code into files accessible by the CGI, for example the web server access logs.
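
A triage sketch for the condition described above, added here as an example and not taken from the advisory or from PHP: it classifies a host from the text of `php -v` and the contents of its php.ini. The banner format, the status names, the function names and the sample strings are assumptions made for the example.

```python
import re

# Assumed banner shape of `php -v`: "PHP <major>.<minor>.<patch> (<sapi>) ...".
# Pre-release banners such as "4.3.0RC1" deliberately do not match.
BANNER_RE = re.compile(r"^PHP\s+(\d+)\.(\d+)\.(\d+)\s+\(([\w-]+)\)", re.M)
# Uncommented php.ini lines only; ';' starts a comment in php.ini.
INI_RE = re.compile(
    r'^[ \t]*cgi\.force_redirect[ \t]*=[ \t]*"?([^\s";]+)', re.M | re.I)


def force_redirect_setting(ini_text):
    """Return True/False for the last cgi.force_redirect line, None if unset."""
    values = INI_RE.findall(ini_text)
    if not values:
        return None
    return values[-1].lower() in {"1", "on", "true", "yes"}


def assess(banner_text, ini_text):
    """Classify one host from its `php -v` output and php.ini contents."""
    m = BANNER_RE.search(banner_text)
    if m is None:
        return "unknown"            # banner not recognised, check by hand
    version = tuple(int(part) for part in m.group(1, 2, 3))
    sapi = m.group(4).lower()
    if sapi != "cgi":
        return "not-affected"       # the bug is in the CGI SAPI only
    if version == (4, 3, 0):
        # This release ignores the setting, so its value is not trusted.
        return "affected"
    if force_redirect_setting(ini_text) is False:
        return "protection-off"     # direct-access check disabled by config
    # Not 4.3.0 and not disabled in php.ini. Whether the build used
    # --enable-force-cgi-redirect cannot be seen from these two inputs.
    return "ok"


if __name__ == "__main__":
    # Constructed sample inputs, not output captured from a real host.
    samples = [
        ("PHP 4.3.0 (cgi), Copyright (c) The PHP Group", "cgi.force_redirect = 1"),
        ("PHP 4.3.0 (cli), Copyright (c) The PHP Group", ""),
        ("PHP 4.3.1 (cgi), Copyright (c) The PHP Group", "cgi.force_redirect = 0"),
    ]
    for banner, ini in samples:
        print(banner.split(",")[0], "->", assess(banner, ini))
```
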

References:
[0] http://www.php.net/release_4_3_1.php
[1] http://www.php.net/

Alerts:
Gentoo 200302-09 2003-02-19
OpenPKG OpenPKG-SA-2003.010 2003-02-18

Copyright © 2012, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds