PHP-CGI remote code execution bug. Workaround coming?

I’ve seen this today and it seems very dangerous to me, since a lot of systems still use php-cgi. The dangerous code was made public today, so all php-cgi servers are now vulnerable to this code execution.

http://eindbazen.net/2012/05/php-cgi…cve-2012-1823/

Since PHP is installed via DA in custombuild, can custombuild provide a workaround for this? There is a workaround included on that page; I like the second way best.
The second way is a patch for PHP, which disables the parsing of arguments if php-cgi is invoked as non-fastcgi CGI.

But this is in C, so it needs to be put in during compiling.
