==================================================================
  Please DO NOT REPLY to this mail or send email to the developers
  about this bug. Please follow-up to Bugzilla using this link:
    http://bugs.contribs.org/show_bug.cgi?id=6923

  Have you checked the Frequently Asked Questions (FAQ)?
    http://wiki.contribs.org/SME_Server:Documentation:FAQ

  Please also take the time to read the following useful guide:
    http://www.chiark.greenend.org.uk/~sgtatham/bugs.html
==================================================================

          Priority: P3
            Bug ID: 6923
          Assignee: [email protected]
           Summary: Official PHP5 CGI Bug
        QA Contact: [email protected]
          Severity: normal
    Classification: Contribs
                OS: ---
          Reporter: [email protected]
          Hardware: ---
            Status: UNCONFIRMED
           Version: 7.5
         Component: smeserver-php5-cgi
           Product: SME Contribs

Some systems support a method for supplying a [sic] array of strings to the CGI
script. This is only used in the case of an `indexed' query. This is identified
by a "GET" or "HEAD" HTTP request with a URL search string not containing any
unencoded "=" characters.
So, requests that do not have a "=" in the query string are treated differently
from those that do in some CGI implementations. For PHP this means that a
request containing ?-s may dump the PHP source code for the page, but a request
that has ?-s&=1 is fine.

A large number of sites run PHP as either an Apache module through mod_php or
using php-fpm under nginx. Neither of these setups is vulnerable to this.
Straight shebang-style CGI also does not appear to be vulnerable.

If you are using Apache mod_cgi to run PHP you may be vulnerable. To see if you
are, just add ?-s to the end of any of your URLs. If you see your source code,
you are vulnerable. If your site renders normally, you are not.

To fix this, update to PHP 5.3.12 or PHP 5.4.2.
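A log-triage check for the request shape described above, added here as an example and not part of the bug report or of smeserver-php5-cgi. The access-log lines are constructed, and the argv reconstruction follows the "indexed query" rule the report quotes: GET/HEAD, no unencoded "=", split on "+", then percent-decode each word.

```python
import re
from urllib.parse import unquote

# Constructed Apache combined-log lines (not taken from the report).
SAMPLE_LOG = """\
203.0.113.5 - - [10/May/2012:10:00:01 +0000] "GET /index.php?-s HTTP/1.1" 200 4231 "-" "curl/7.22"
203.0.113.5 - - [10/May/2012:10:00:02 +0000] "GET /index.php?-s&=1 HTTP/1.1" 200 812 "-" "curl/7.22"
198.51.100.7 - - [10/May/2012:10:00:03 +0000] "GET /index.php?page=home HTTP/1.1" 200 812 "-" "Mozilla/5.0"
198.51.100.7 - - [10/May/2012:10:00:04 +0000] "GET /index.php?%2Ds HTTP/1.1" 200 4231 "-" "curl/7.22"
198.51.100.7 - - [10/May/2012:10:00:05 +0000] "POST /index.php?-s HTTP/1.1" 200 812 "-" "curl/7.22"
198.51.100.7 - - [10/May/2012:10:00:06 +0000] "GET /index.php?-s%3d1 HTTP/1.1" 200 4231 "-" "curl/7.22"
"""

# Method and request-target from the quoted request line of a combined-log entry.
REQ_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/\d\.\d"')


def is_indexed_query(method, query):
    """'Indexed' query per the CGI rule: GET/HEAD whose raw query has no unencoded '='."""
    return method in ("GET", "HEAD") and query != "" and "=" not in query


def cgi_argv(query):
    """Argument vector a CGI server builds for an indexed query: split on '+', then decode."""
    return [unquote(word) for word in query.split("+")]


def option_like_args(method, query):
    """Decoded argv words that would reach the interpreter looking like options ('-x')."""
    if not is_indexed_query(method, query):
        return []
    return [arg for arg in cgi_argv(query) if arg.startswith("-")]


def scan_access_log(text):
    """Return (path, raw_query, flagged_args) for every log line worth a second look."""
    hits = []
    for line in text.splitlines():
        m = REQ_RE.search(line)
        if not m:
            continue
        path, _, query = m.group("target").partition("?")
        flagged = option_like_args(m.group("method"), query)
        if flagged:
            hits.append((path, query, flagged))
    return hits


if __name__ == "__main__":
    for path, query, args in scan_access_log(SAMPLE_LOG):
        print(f"{path}?{query}  ->  argv {args}")
```

Note that an encoded "=" (%3d) does not make the query non-indexed, while a literal "=" anywhere does, which is why "?-s&=1" is not flagged.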

-- 
You are receiving this mail because:
You are the QA Contact for the bug.
_______________________________________________
Mail for each SME Contribs bug report
To unsubscribe, e-mail [email protected]
Searchable archive at http://lists.contribs.org/mailman/public/contribteam/