FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2012-2311

This CVE name corresponds to:

Entered Topic
2012-05-12 php -- multiple vulnerabilities

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

CVE-2012-2311 at cve.mitre.org

Details

Type Candidate
Name CVE-2012-2311
Phase Assigned(20120419)

Description

sapi/cgi/cgi_main.c in PHP before 5.3.13 and 5.4.x before 5.4.3, when configured as a CGI script (aka php-cgi), does not properly handle query strings that contain a %3D sequence but no = (equals sign) character, which allows remote attackers to execute arbitrary code by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the 'd' case. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1823.

References

Source Reference
MISC http://eindbazen.net/2012/05/php-cgi-advisory-cve-2012-1823/
CONFIRM http://www.php.net/ChangeLog-5.php#5.4.3
CONFIRM http://www.php.net/archive/2012.php#id2012-05-08-1
CONFIRM https://bugs.php.net/bug.php?id=61910
CONFIRM https://bugs.php.net/patch-display.php?bug_id=61910&patch=cgi.diff-fix-check.patch&revision=1336093719&display=1
CONFIRM http://support.apple.com/kb/HT5501
APPLE APPLE-SA-2012-09-19-2
HP HPSBUX02791
HP SSRT100856
HP HPSBMU02900
HP SSRT100992
CERT-VN VU#520827
SECTRACK 1027022
SECUNIA 49014
SECUNIA 49085

Copyright © 2005 The MITRE Corporation.

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.