9 May
2012
9 May
'12
2:22 p.m.
Hi,
As you may be aware a major security problem was recently found in PHP when
run in CGI mode. A customer has recently had their VPS compromised
and has discovered probes for this vulnerability as described here:
http://blog.sucuri.net/2012/05/php-cgi-vulnerability-exploited-in-the-wild.…
So, if you are running PHP in CGI mode you absolutely must secure it
against this.
Cheers,
Andy
--
http://bitfolk.com/ -- No-nonsense VPS hosting
_______________________________________________
announce mailing list
announce(a)lists.bitfolk.com
https://lists.bitfolk.com/mailman/listinfo/announce
9 May
9 May
2:56 p.m.
New subject: PHP-CGI exploit probes seen - please make sure your VPS is secured against this
Help sought...
I'm running latest WP on Ubuntu LTS (10.04) using PHP5-CGI and lighttpd. I
know full well that my PHP5 will be vulnerable (v5.3.2, damn you Ubuntu;
CATCH UP FOR F**KS SAKE!!!), but I don't know how to go about securing it
in lighty (if I even need to). I do know that if I point a browser at
"index.php?-s", I get the front page of my blog back (as if I had left the
"?-s" off) and not anything that would scream "VULNERABLE!!!" at me.
Kind regards
Murray Crane
On 9 May 2012 15:22, Andy Smith <andy(a)bitfolk.com> wrote:
Hi,
As you may be aware a major security problem was recently found in PHP when
run in CGI mode. A customer has recently had their VPS compromised
and has discovered probes for this vulnerability as described here:
http://blog.sucuri.net/2012/05/php-cgi-vulnerability-exploited-in-the-wild.…
So, if you are running PHP in CGI mode you absolutely must secure it
against this.
Cheers,
Andy
--
http://bitfolk.com/ -- No-nonsense VPS hosting
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEAREDAAYFAk+qfa4ACgkQIJm2TL8VSQuJhQCcDEmoMJkMPV7agl7QQZA9D8O1
SzgAoLYM0CtNXYLTURWslRykWONBlgxv
=SrFn
-----END PGP SIGNATURE-----
_______________________________________________
announce mailing list
announce(a)lists.bitfolk.com
https://lists.bitfolk.com/mailman/listinfo/announce
_______________________________________________
users mailing list
users(a)lists.bitfolk.com
https://lists.bitfolk.com/mailman/listinfo/users
3:35 p.m.
New subject: PHP-CGI exploit probes seen - please make sure your VPS is secured against this
On 9 May 2012 07:56, Murray Crane <murray.crane(a)gmail.com> wrote:
I'm running latest WP on Ubuntu LTS (10.04) using
PHP5-CGI and lighttpd. I
know full well that my PHP5 will be vulnerable (v5.3.2, damn you Ubuntu;
CATCH UP FOR F**KS SAKE!!!), but I don't know how to go about securing it in
lighty (if I even need to). I do know that if I point a browser at
"index.php?-s", I get the front page of my blog back (as if I had left the
"?-s" off) and not anything that would scream "VULNERABLE!!!" at me.
You sure about Ubuntu not putting an update out?
https://launchpad.net/ubuntu/+source/php5/5.3.2-1ubuntu4.15 suggests otherwise.
Announce went out some days back, and the new packages were already available.
https://lists.ubuntu.com/archives/ubuntu-security-announce/2012-May/001678.…
Al.
3:52 p.m.
New subject: PHP-CGI exploit probes seen - please make sure your VPS is secured against this
All my Ubuntu boxes (that I can currently access, that is) have back-port
fixes, so all good. Thanks for the heads up Al.
Kind regards
Murray Crane
On 9 May 2012 16:35, Alan Pope <alan(a)popey.com> wrote:
On 9 May 2012 07:56, Murray Crane
<murray.crane(a)gmail.com> wrote:
I'm running latest WP on Ubuntu LTS (10.04)
using PHP5-CGI and lighttpd.
I
know full well that my PHP5 will be vulnerable
(v5.3.2, damn you Ubuntu;
CATCH UP FOR F**KS SAKE!!!), but I don't know how to go about securing
it in
lighty (if I even need to). I do know that if I
point a browser at
"index.php?-s", I get the front page of my blog back (as if I had left
the
"?-s" off) and not anything that would
scream "VULNERABLE!!!" at me.
You sure about Ubuntu not putting an update out?
https://launchpad.net/ubuntu/+source/php5/5.3.2-1ubuntu4.15 suggests
otherwise.
Announce went out some days back, and the new packages were already
available.
https://lists.ubuntu.com/archives/ubuntu-security-announce/2012-May/001678.…
Al.
4:26 p.m.
New subject: PHP-CGI exploit probes seen - please make sure your VPS is secured against this
I see a couple of scans in my logs from a few days ago. Am I right in
thinking the only Debian fix available is in sid?
On May 9, 2012 3:22 PM, "Andy Smith" <andy(a)bitfolk.com> wrote:
Hi,
As you may be aware a major security problem was recently found in PHP when
run in CGI mode. A customer has recently had their VPS compromised
and has discovered probes for this vulnerability as described here:
http://blog.sucuri.net/2012/05/php-cgi-vulnerability-exploited-in-the-wild.…
So, if you are running PHP in CGI mode you absolutely must secure it
against this.
Cheers,
Andy
--
http://bitfolk.com/ -- No-nonsense VPS hosting
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEAREDAAYFAk+qfa4ACgkQIJm2TL8VSQuJhQCcDEmoMJkMPV7agl7QQZA9D8O1
SzgAoLYM0CtNXYLTURWslRykWONBlgxv
=SrFn
-----END PGP SIGNATURE-----
_______________________________________________
announce mailing list
announce(a)lists.bitfolk.com
https://lists.bitfolk.com/mailman/listinfo/announce
_______________________________________________
users mailing list
users(a)lists.bitfolk.com
https://lists.bitfolk.com/mailman/listinfo/users
5:08 p.m.
New subject: PHP-CGI exploit probes seen - please make sure your VPS is secured against this
Hello,
On Wed, May 09, 2012 at 05:26:35PM +0100, Adam Spiers wrote:
I see a couple of scans in my logs from a few days
ago. Am I right in
thinking the only Debian fix available is in sid?
I haven't looked into it much as I don't run PHP in CGI mode
anywhere (FastCGI is OK), but it seems that this is the case.
http://security-tracker.debian.org/tracker/CVE-2012-1823
Note that there is a workaround described in
which blocks requests that have query strings that start with '-'.
Cheers,
Andy
--
http://bitfolk.com/ -- No-nonsense VPS hosting
5:18 p.m.
New subject: PHP-CGI exploit probes seen - please make sure your VPS is secured against this
Adam Spiers asked:
I see a couple of scans in my logs from a few days
ago. Am I right in
thinking the only Debian fix available is in sid?
An update for PHP in Squeeze became available in the last hour, I
presume it covers this. There are also a few more packages being
updated.
Ian
6:42 p.m.
New subject: PHP-CGI exploit probes seen - please make sure your VPS is secured against this
On Wed, 9 May 2012 18:18:00 +0100
Ian <ian(a)lovingboth.com> wrote:
An update for PHP in Squeeze became available in the
last hour, I
presume it covers this. There are also a few more packages being
updated.
Thanks for mentioning that, just done another update (did one
yesterday) and found 9 packages available to be upgraded included
several php5 ones.
Haven't had so many updates in squeeze for months (at least it feels
like that) ;-)
--
John Lewis
Debian & the GeneWeb genealogical data server
6:48 p.m.
New subject: PHP-CGI exploit probes seen - please make sure your VPS is secured against this
On 09/05/2012 18:18, Ian wrote:
An update for PHP in Squeeze became available in the
last hour, I
presume it covers this. There are also a few more packages being
updated.
There are PHP updates for CentOS 5 and 6, too - just run "yum update".
Regards,
Mike
10 May
10 May
1:14 a.m.
New subject: PHP-CGI exploit probes seen - please make sure your VPS is secured against this
On 05/10/12 00:22, Andy Smith wrote:
Hi,
As you may be aware a major security problem was recently found in PHP when
run in CGI mode. A customer has recently had their VPS compromised
and has discovered probes for this vulnerability as described here:
http://blog.sucuri.net/2012/05/php-cgi-vulnerability-exploited-in-the-wild.…
So, if you are running PHP in CGI mode you absolutely must secure it
against this.
A friend of mine thinks php5-suhosin prevents the attack from working.
7:39 a.m.
New subject: PHP-CGI exploit probes seen - please make sure your VPS is secured against this
On 10 May 2012 09:14, Duane <duane(a)e164.org> wrote:
A friend of mine thinks php5-suhosin prevents the
attack from working.
Suhosin has been harmful other folks say.
https://pierre-schmitz.com/php-5-4-1-in-suhosin-out/
http://mailman.archlinux.org/pipermail/arch-announce/2012-May/000312.html
8:06 a.m.
New subject: PHP-CGI exploit probes seen - please make sure your VPS is secured against this
Kai Hendry wrote:
On 10 May 2012 09:14, Duane<duane(a)e164.org>
wrote:
What is harmful?
All I saw was someone disliking the slow updates.
A friend of mine thinks php5-suhosin prevents the
attack from working.
Suhosin has been harmful other folks say.
https://pierre-schmitz.com/php-5-4-1-in-suhosin-out/
http://mailman.archlinux.org/pipermail/arch-announce/2012-May/000312.html
8:10 a.m.
New subject: PHP-CGI exploit probes seen - please make sure your VPS is secured against this
On 10 May 2012 16:06, Duane <duane(a)e164.org> wrote:
What is harmful?
All I saw was someone disliking the slow updates.
Surely you answered your own question there?
slow updates = harmful
It seems to be the modern day security theme of late.
8:16 a.m.
New subject: PHP-CGI exploit probes seen - please make sure your VPS is secured against this
Kai Hendry wrote:
On 10 May 2012 16:06, Duane<duane(a)e164.org>
wrote:
I disagree, ubuntu has long term support for older packages so people
don't have to always be at the bleeding edge, but instead prefer a
stable system.
What is harmful?
All I saw was someone disliking the slow updates.
Surely you answered your own
question there?
slow updates = harmful
It seems to be the modern day security theme of late.
4609
days inactive
4610
days old
13 comments
9 participants
participants (9)
-
Adam Spiers -
Alan Pope -
Andy Smith -
Duane -
Ian -
john lewis -
Kai Hendry -
Mike Zanker -
Murray Crane