FreeBSD : suPHP -- Privilege escalation (2fbfd455-f2d0-11e2-8a46-000d601460a4)

This script is Copyright (C) 2013 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

suPHP developer Sebastian Marsching reports :

When the suPHP_PHPPath was set, mod_suphp would use the specified PHP
executable to pretty-print PHP source files (MIME type
x-httpd-php-source or application/x-httpd-php-source).

However, it would not sanitize the environment. Thus a user that was
allowed to use the SetEnv directive in a .htaccess file (AllowOverride
FileInfo) could make PHP load a malicious configuration file (e.g.
loading malicious extensions).

As the PHP process for highlighting the source file was run with the
privileges of the user Apache HTTPd was running as, a local attacker
could probably execute arbitrary code with the privileges of this
user.

See also :

https://lists.marsching.com/pipermail/suphp/2013-May/002552.html
http://www.nessus.org/u?fa79d951

Solution :

Update the affected package.

Risk factor :

High

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 69008 ()

Bugtraq ID:

CVE ID:

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now