Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2012-1823

sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attackers to execute arbitrary code by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the 'd' case.

Related bugs and status

CVE-2012-1823 (Candidate) is related to these bugs:

Bug #919451: PHP CGI arbitrary code execution vulnerability

Summary				In	Importance	Status
	919451	PHP CGI arbitrary code execution vulnerability		php5 (Ubuntu)	Undecided	Fix Released

Bug #995901: no changelog for 5.3.10-1ubuntu3.1

Summary				In	Importance	Status
	995901	no changelog for 5.3.10-1ubuntu3.1		php5 (Ubuntu)	Undecided	Confirmed

See the

CVE page on Mitre.org for more details.

References

MISC: http://eindbazen.net/2...
CONFIRM: http://www.php.net/Cha...
CONFIRM: http://www.php.net/arc...
CONFIRM: https://bugs.php.net/b...
CERT-VN: VU#520827
REDHAT: RHSA-2012:0546
REDHAT: RHSA-2012:0547
REDHAT: RHSA-2012:0568
SECUNIA: 49014
SECUNIA: 49065
SECUNIA: 49087
HP: HPSBMU02786
HP: SSRT100877
CONFIRM: http://support.apple.c...
APPLE: APPLE-SA-2012-09-19-2
SECTRACK: 1027022
SECUNIA: 49085
CERT-VN: VU#673343
CONFIRM: https://bugs.php.net/p...
HP: HPSBUX02791
HP: SSRT100856
MANDRIVA: MDVSA-2012:068
REDHAT: RHSA-2012:0569
REDHAT: RHSA-2012:0570
SUSE: openSUSE-SU-2012:0590
DEBIAN: DSA-2465
SUSE: SUSE-SU-2012:0598
SUSE: SUSE-SU-2012:0604