All users are strongly encouraged to upgrade to the latest versions of PHP 7.3.11 and PHP 7.2.24.
Vulnerability in PHP7 exposes sites to remote hacking risk
The problem only applies to NGINX servers with PHP-FPM enabled.
A dangerous vulnerability (CVE-2019-11043) has been identified in the PHP 7 branch, which allows attackers to execute commands on the server using a specially generated URL.
According to experts, the bug is already actively used in attacks. The process of its operation is quite simple, besides the problem is compounded by the fact that earlier this week on the portal GitHub was posted PoC-code to identify vulnerable servers. As explained by experts, finding a vulnerable server, ” an attacker can send specially formed requests, adding ‘?a=’ in the URL”.
It is noted that the problem applies exclusively to NGINX servers with PHP-FPM (a software package for processing scripts in PHP) enabled. Vulnerable configurations are nginx, where the probros in PHP-FPM is carried out with the separation of parts of the URL using “fastcgi_split_path_info” and the definition of the environment variable PATH_INFO, but without first checking the existence of the file Directive “try_files $fastcgi_script_name” or the construction ” if (!-f $document_root$fastcgi_script_name)”. Example of vulnerable configuration:
“With a specially crafted URL, an attacker can achieve a path_info pointer offset by the first byte of the _fcgi_data_seg structure. Writing a zero to this byte will move the pointer ‘char* pos` to a previously running memory area, called by the FCGI_PUTENV trace overwrites some data (including other cgi AST variables),” the vulnerability description States. With this technique, an attacker can create a dummy variable PHP_VALUE fcgi and achieve code execution.
The developers released a patch for this vulnerability last Friday, October 25.
src and thanks: https://www.securitylab.ru/news/502087.php
regular update cycles:
Powerdown, snapshot, update, test… every week…
CentOS7 how to update to php 7.3:
snapshot/backup… in the way one should do.
hostnamectl; # tested on Operating System: CentOS Linux 7 (Core) CPE OS Name: cpe:/o:centos:centos:7 Kernel: Linux 5.X.X Architecture: x86-64 php -v; # check currently used php version yum update; # update all packages yum upgrade; yum install https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm yum install http://rpms.remirepo.net/enterprise/remi-release-7.rpm yum install yum-utils yum-config-manager --enable remi-php73 yum install php php-mcrypt php-cli php-gd php-curl php-mysql php-ldap php-zip php-fileinfo php -v /scripts/reboot.sh