Eindbazen PHP-CGI vulnerability (CVE-2012-2311)

Seems to be that the official PHP patch doesn't work. What about Webfaction's own patch? Are webfaction servers (php-cgi) safe now?

Eindbazen source:

The new PHP versions as well as the official php patch contain a bug which makes the fix trivial to bypass. Use our mitigations for now.
New versions of PHP which incorporate this revised fix will be released soon. The issue that the bug was not initially properly fixed is being tracked as CVE-2012-2311.

cgi php

asked 04 May '12, 05:09

wallypally
1●1●3●4
accept rate: 0%

One Answer:

0	Hi, We've already deployed our own patch (wrapper that strips the extra arguments). Our servers are safe. permanent link answered 04 May '12, 05:29 todork 1.2k●5 accept rate: 34% Thanks for your reply. (04 May '12, 06:00) wallypally

Your answer

toggle preview

community wiki:

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

*italic* or _italic_
**bold** or __bold__
link:[text](http://url.com/ "title")
image?![alt text](/path/img.jpg "title")
numbered list: 1. Foo 2. Bar
to add a line break simply add two spaces to where you would like the new line to be.
basic HTML tags are also supported

Question tags:

php ×262
cgi ×31

question asked: 04 May '12, 05:09

question was seen: 3,408 times

last updated: 04 May '12, 06:00