Package: libapache-mod-suphp
Version: 0.5.2-3
Severity: critical
There seems to be a serious security bug when using suphp
with apache 1.3.x on Sarge (and also on Etch).
Due to a bug in the suphp (or apache) package it is
necessary to use
AddHandler x-httpd-php .php
instead of the preferred
AddType x-httpd-php .php
Because of this a file called \'image.php.jpg\' is
interpreted and executed as a PHP file (not as an image).
Which makes the execution of arbitrary code possible when
(for example) a poorly written image-upload form fails to
properly check the file-extension.
More info can be found here:
http://www.mail-archive.com/[email protected]/msg00065.html
Note: Apache2 doesn\'t seem affected. It however generates a
\'[warn] Cannot get media type from x-httpd-php\' warning in
the apache error-log, each time a php-file is called upon.
Regards,
Fili
