Koozali.org: home of the SME Server

CRITICAL exploit on CGI mode PHP

crazybob
« Reply #15 on: May 10, 2012, 03:27:10 AM »
Yes, that worked for the 2 i-bays I am using the php5-cgi in, but zarafa webaccess .htaccess is in the /usr/share/zarafa-webshare folder. I am not sure how to make the additions activate.

Bob
« Last Edit: May 10, 2012, 03:35:06 AM by crazybob »
If you think you know what's going on, you obviously have no idea what's going on!

madadam
« Reply #16 on: May 10, 2012, 03:40:02 AM »
Yes, that worked for the 2 i-bays i am using the php5-cgi in, but zarafa webaccess .htaccess is in the /usr/share/zarafa-webshare folder  :smile:

Ahh, I see. You'll need to create a custom template segment of the /etc/httpd/conf/httpd.conf file in the /etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf folder, in which you explicitly set AllowOverride All, for example:

Code:
<Directory /usr/share/zarafa-webshare>
  AllowOverride All
  # Other options - search the current httpd.conf file for this segment to see them
</Directory>
 

Hope this brief overview helps.

Adam

crazybob
« Reply #17 on: May 10, 2012, 04:27:04 AM »
I have a fragment that sets zarafa webaccess to use php5-cgi:
Code:
<Directory /usr/share/zarafa-webaccess>
       AddHandler php5-cgi .php
       Action php5-cgi /php5-cgi/php-cgi
</Directory>

Should I be able to insert AllowOverride All into this fragment, or will I need to make a new fragment?

madadam
« Reply #18 on: May 10, 2012, 04:38:01 AM »
I have a fragment that sets zarafa webaccess to use php5-cgi:
Code:
<Directory /usr/share/zarafa-webaccess>
       AddHandler php5-cgi .php
       Action php5-cgi /php5-cgi/php-cgi
</Directory>

Should I be able to insert AllowOverride All into this fragment, or will I need to make a new fragment?


Yes, simply add the AllowOverride All parameter to this block and expand the httpd.conf template.

Adam



crazybob
« Reply #19 on: May 10, 2012, 04:54:20 AM »
I inserted as per discussion, but when I test webaccess, it still shows the source code. I also verified that the suggested code was in the .htaccess file.

Bob

janet
« Reply #20 on: May 10, 2012, 05:07:42 AM »
crazybob

restart httpd-e-smith, zarafa and php, or just do a reboot
Please search before asking, an answer may already exist.
The Search & other links to useful information are at top of Forum.

crazybob
« Reply #21 on: May 10, 2012, 05:26:13 AM »
Thanks Mary, I just performed a reboot, and no change, it still shows the source code when I test it.

madadam
« Reply #22 on: May 10, 2012, 05:33:29 AM »
Thanks Mary, I just performed a reboot, and no change, it still shows the source code when I test it.

OK, first off, determine whether or not Apache is reading the .htaccess file. If not, you will need to go through and read what's going on in the complete httpd.conf file to make sure nothing is overriding your setting. You could also try doing the mod_rewrite in the httpd.conf custom template segment, thereby bypassing the need for a .htaccess file in the first place.

Good luck!

Adam

madadam
« Reply #23 on: May 10, 2012, 05:36:14 AM »
BTW Bob you could try making *temporary* changes directly to the httpd.conf file, making sure you restart the service as Mary said. It will be a faster way to figure out what's going on. When you've nutted it out then use custom template segments to make the changes permanent.

Adam

janet
« Reply #24 on: May 10, 2012, 05:39:30 AM »
crazybob

Maybe this is useful
http://wiki.contribs.org/Htaccess

CharlieBrady
« Reply #25 on: May 10, 2012, 05:15:04 PM »
Adam, how would it be fixed in sme?

There is nothing to fix in SME, as SME does not have this flaw (does not operate PHP in CGI mode).

CharlieBrady
« Reply #26 on: May 10, 2012, 05:19:13 PM »
You could also try doing the mod_rewrite in the httpd.conf custom template segment thereby bypassing the need for a .htaccess file in the first place.

That's exactly what people should be doing - add the appropriate rewrite entries in the httpd template fragment which enables the php-cgi for particular URLs. .htaccess is only there for people who don't control httpd.conf, or for (probably unsafe) applications which make their own changes on the fly via changes in .htaccess.

madadam
« Reply #27 on: May 12, 2012, 05:33:16 AM »
That's exactly what people should be doing - add the appropriate rewrite entries in the httpd template fragment which enables the php-cgi for particular URLs. .htaccess is only there for people who don't control httpd.conf, or for (probably unsafe) applications which make their own changes on the fly via changes in .htaccess.

Yes, exactly. Unfortunately I still need to use PHP5-cgi on one of my SME 7 machines, I'm waiting until SME 8 RC 1 before I consider moving everything over to SME 8. Currently I have some machines on SME 8 b7 but only because they can be quickly and easily rebuilt if need be. So fingers crossed!

Thanks for the feedback Charlie!

Adam

crazybob
« Reply #28 on: May 12, 2012, 02:37:21 PM »
I tried putting the entries in the appropriate fragment, and still no luck. The fragment looks like this now:
Code:
<Directory /usr/share/zarafa-webaccess>
       AddHandler php5-cgi .php
       Action php5-cgi /php5-cgi/php-cgi
RewriteCond %{QUERY_STRING} ^[^=]*$
RewriteCond %{QUERY_STRING} %2d|\- [NC]
RewriteRule .? - [F,L]
</Directory>
Is there anything I am missing?

Bob

cactus
« Reply #29 on: May 13, 2012, 07:49:31 PM »
I tried putting the entries in the appropriate fragment, and still no luck. The fragment looks like this now:
Code:
<Directory /usr/share/zarafa-webaccess>
       AddHandler php5-cgi .php
       Action php5-cgi /php5-cgi/php-cgi
RewriteCond %{QUERY_STRING} ^[^=]*$
RewriteCond %{QUERY_STRING} %2d|\- [NC]
RewriteRule .? - [F,L]
</Directory>
Is there anything I am missing?

I don't know, but shouldn't RewriteCond rules and the like not be placed outside Location and Directory blocks like so?

Code:
RewriteCond %{QUERY_STRING} ^[^=]*$
RewriteCond %{QUERY_STRING} %2d|\- [NC]
RewriteRule .? - [F,L]

<Directory /usr/share/zarafa-webaccess>
       AddHandler php5-cgi .php
       Action php5-cgi /php5-cgi/php-cgi
</Directory>
Be careful whose advice you buy, but be patient with those who supply it. Advice is a form of nostalgia, dispensing it is a way of fishing the past from the disposal, wiping it off, painting over the ugly parts and recycling it for more than its worth ~ Baz Luhrmann - Everybody's Free (To Wear Sunscreen)
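
Added example (not written by any poster in this thread, and not SME Server code): a Python sketch that reads the RewriteCond lines from the fragment in Reply #28, combines them the way mod_rewrite does, and checks whether the fragment itself contains RewriteEngine On, since the engine is off by default. The query strings are constructed samples, Python's re stands in for Apache's regex engine (the two agree for these patterns), and whether the engine is switched on elsewhere in httpd.conf is not visible on this page.

```python
import re

# Fragment exactly as posted in Reply #28, embedded so this runs offline.
FRAGMENT = r"""<Directory /usr/share/zarafa-webaccess>
       AddHandler php5-cgi .php
       Action php5-cgi /php5-cgi/php-cgi
RewriteCond %{QUERY_STRING} ^[^=]*$
RewriteCond %{QUERY_STRING} %2d|\- [NC]
RewriteRule .? - [F,L]
</Directory>"""

COND = re.compile(
    r"^\s*RewriteCond\s+%\{QUERY_STRING\}\s+(\S+)(?:\s+\[([^\]]*)\])?\s*$", re.I)

def parse_conditions(fragment):
    """Return [(compiled_pattern, or_next)] for each QUERY_STRING RewriteCond."""
    conds = []
    for line in fragment.splitlines():
        m = COND.match(line)
        if m:
            flags = {f.strip().upper() for f in (m.group(2) or "").split(",")}
            nocase = re.I if flags & {"NC", "NOCASE"} else 0
            conds.append((re.compile(m.group(1), nocase),
                          bool(flags & {"OR", "ORNEXT"})))
    return conds

def rule_fires(conds, query_string):
    """Conditions are ANDed; a condition flagged [OR] is ORed with the next."""
    result, i = True, 0
    while i < len(conds):
        hit = bool(conds[i][0].search(query_string))
        while conds[i][1] and i + 1 < len(conds):
            i += 1
            hit = hit or bool(conds[i][0].search(query_string))
        result = result and hit
        i += 1
    return result

def engine_enabled(fragment):
    """True only if the fragment itself contains 'RewriteEngine On'."""
    return re.search(r"^\s*RewriteEngine\s+on\b", fragment, re.I | re.M) is not None

if __name__ == "__main__":
    conds = parse_conditions(FRAGMENT)
    # Constructed query strings (raw, not URL-decoded, as QUERY_STRING is).
    for qs in ["-x", "%2Dx", "id=1-2", "plain", ""]:
        print(f"{qs!r:10} -> {'403' if rule_fires(conds, qs) else 'pass'}")
    print("RewriteEngine On in fragment:", engine_enabled(FRAGMENT))
```

A query string that contains an `=` is never matched by the first condition, so ordinary `name=value` requests with hyphens in them pass through untouched.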