2

Does this PHP-CGI security issue (CVE-2012-1823) affect PHP when it's running under individual regular-user accounts with mod_fcgid?

The wrapper .fcgi script I've been using is:

#!/bin/bash
PHPRC=$PWD/../etc/php5
export PHPRC
umask 022
export PHP_FCGI_CHILDREN
SCRIPT_FILENAME=$PATH_TRANSLATED
export SCRIPT_FILENAME
exec /usr/bin/php-cgi
Isaac
  • 534
  • 2
  • 11
  • 24
  • worked exploit here http://blog.spiderlabs.com/2012/05/php-cgi-exploitation-by-example.html to test your own servers with – Cheekysoft May 09 '12 at 11:58

1 Answers1

2

According to the guys at LWN, it only affects CGI, not FCGI.

David
  • 354
  • 3
  • 10