Detections
Analytics

FreeBSD : suPHP -- Privilege escalation (2fbfd455-f2d0-11e2-8a46-000d601460a4)

high Nessus Plugin ID 69008

Language:

Synopsis

The remote FreeBSD host is missing a security-related update.

Description

suPHP developer Sebastian Marsching reports :

When the suPHP_PHPPath was set, mod_suphp would use the specified PHP executable to pretty-print PHP source files (MIME type x-httpd-php-source or application/x-httpd-php-source).

However, it would not sanitize the environment. Thus a user that was allowed to use the SetEnv directive in a .htaccess file (AllowOverride FileInfo) could make PHP load a malicious configuration file (e.g.
loading malicious extensions).

As the PHP process for highlighting the source file was run with the privileges of the user Apache HTTPd was running as, a local attacker could probably execute arbitrary code with the privileges of this user.

Solution

Update the affected package.

See Also

https://lists.marsching.com/shutdown.html

http://www.nessus.org/u?e894069a

Plugin Details

Severity: High

ID: 69008

File Name: freebsd_pkg_2fbfd455f2d011e28a46000d601460a4.nasl

Version: 1.5

Type: local

Published: 7/23/2013

Updated: 1/6/2021

Supported Sensors: Nessus

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:suphp, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 7/22/2013

Vulnerability Publication Date: 5/20/2013