| VID |
21071 |
| Severity |
40 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
CGI |
| Detailed Description |
The "php" is installed.
The php CGI program (php) is part of the PHP/FI package written by Rasmus Lerdorf. It's found several vulnerabilities in the CGI program.
1. The 'php' program allows a remote attacker to read the contents of any file accessible to the user who owns the server process.
2. This program contains a buffer overflow that allows remote attackers to execute arbitrary commands on a web server. Commands are limited to those capable of being run under the UID of the user owning the httpd process, usually nobody. This is commonly used to deface web pages. |
| Recommendation |
Disable access to the php executable and upgrade to the latest version of PHP/FI.
Vulnerable Systems
~~~~~~~~~~~~~~~~~~
Any computer running a web server with php 2.0beta10 or earlier is vulnerable, irrespective of what operating system it is running, provided that PHP is run as a cgi, and not as an Apache module. When compiled as an Apache module, PHP does not appear to execute the problem code.
To determine whether a system is running a web server with php installed as a cgi, use your favorite web browser to access the URL
http://hostname/cgi-bin/php
If you see something like:
PHP/FI Version 2.0b10
...
Then the machine hostname is running PHP/FI.
Past Secure Networks advisories can be found at ftp://ftp.secnet.com/pub/advisories, and Secure Networks papers can be found at ftp://ftp.secnet.com/pub/papers.
Additional information about PHP/FI can be found at http://www.vex.net/php |
| Related URL |
CVE-1999-0238 (CVE) |
| Related URL |
2250 (SecurityFocus) |
| Related URL |
292 (ISS) |
|
