Does PHP-CGI security issue (CVE-2012-1823) affect PHP running as regular users with mod_fcgid?

Question

Does this PHP-CGI security issue (CVE-2012-1823) affect PHP when it's running under individual regular-user accounts with mod_fcgid?

The wrapper .fcgi script I've been using is:

#!/bin/bash
PHPRC=$PWD/../etc/php5
export PHPRC
umask 022
export PHP_FCGI_CHILDREN
SCRIPT_FILENAME=$PATH_TRANSLATED
export SCRIPT_FILENAME
exec /usr/bin/php-cgi

worked exploit here http://blog.spiderlabs.com/2012/05/php-cgi-exploitation-by-example.html to test your own servers with — Cheekysoft, May 09 '12 at 11:58

score 2 · Accepted Answer · answered May 07 '12 at 22:27

2

According to the guys at LWN, it only affects CGI, not FCGI.

answered May 07 '12 at 22:27

David

354
3
10

Does PHP-CGI security issue (CVE-2012-1823) affect PHP running as regular users with mod_fcgid?

1 Answers1