10 May
2012
10 May
'12
1:14 a.m.
On 05/10/12 00:22, Andy Smith wrote:
Hi,
As you may be aware a major security problem was recently found in PHP when
run in CGI mode. A customer has recently had their VPS compromised
and has discovered probes for this vulnerability as described here:
http://blog.sucuri.net/2012/05/php-cgi-vulnerability-exploited-in-the-wild.…
So, if you are running PHP in CGI mode you absolutely must secure it
against this.
A friend of mine thinks php5-suhosin prevents the attack from working.