
PHP CGI privilege escalation and remote file compromise
17th Feb 2003 [SBWID-5998]
COMMAND

	PHP CGI privilege escalation and remote file compromise

SYSTEMS AFFECTED

	PHP/CGI version 4.3.0

PROBLEM

	Thanks to Kosmas Skiadopoulos for discovering this vulnerability, posted by
	The PHP Group:
	
	PHP contains code for preventing direct access to the  CGI  binary  with
	configure  option  "--enable-force-cgi-redirect"  and   php.ini   option
	"cgi.force_redirect". In PHP 4.3.0 there is a bug  which  renders  these
	options useless.
	   
	NOTE: This bug does NOT affect any of the other SAPI modules
	      (such as the Apache or ISAPI modules, etc.).
	
	
	 Impact
	 ======
	
	Anyone with access to websites hosted on a web server which employs  the
	CGI module may exploit this vulnerability to gain  access  to  any  file
	readable by the user under which the webserver runs.
	
	A remote attacker could also trick  PHP  into  executing  arbitrary  PHP
	code if the attacker is able to inject the code into files accessible by
	the CGI. This could be, for example, the web server access logs.

SOLUTION

	The PHP Group has released a new PHP version, 4.3.1, which  incorporates
	a fix for the vulnerability. All users  of  affected  PHP  versions  are
	encouraged to upgrade to this latest version. The downloads web site at
	
	 http://www.php.net/downloads.php
	   
	has the new 4.3.1 source tarballs, Windows  binaries  and  source  patch
	from 4.3.0 available for download. You will  only  need  to  upgrade  if
	you're using the CGI module of PHP 4.3.0. There are  no  other  bugfixes
	contained in this release.
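
	One way to check a host against this advisory, as an added example that is not part of the original advisory or of PHP itself: it classifies the first line of `php -v` and reads `cgi.force_redirect` from a php.ini file. The banner format `PHP <version> (<sapi>)`, the function names and the treatment of `cgi-*` SAPI names as the CGI module are assumptions.

```shell
#!/bin/sh
# Added example, not part of the advisory.
# Usage: sh check.sh "$(php -v | head -n 1)" /path/to/php.ini   (placeholder path)

# classify_banner BANNER -> affected | not-affected | unknown
# Assumes the banner starts with "PHP <version> (<sapi>)".
classify_banner() {
    case $1 in
        "PHP "[0-9]*" ("*")"*) ;;
        *) echo unknown; return 0 ;;
    esac
    rest=${1#PHP }
    version=${rest%% *}                    # e.g. 4.3.0
    sapi=${rest#*\(}; sapi=${sapi%%\)*}    # e.g. cgi
    case $sapi in
        cgi|cgi-*) ;;   # cgi-* variants counted as the CGI module (assumption)
        *) echo not-affected; return 0 ;;   # other SAPI modules are not affected
    esac
    if [ "$version" = "4.3.0" ]; then echo affected; else echo not-affected; fi
}

# ini_force_redirect FILE -> value of the last active cgi.force_redirect
# directive, or "unset" if it is absent or commented out.
ini_force_redirect() {
    val=$(sed -n 's/^[[:space:]]*cgi\.force_redirect[[:space:]]*=[[:space:]]*\([^;[:space:]]*\).*/\1/p' "$1" |
        tr -d '"' | tail -n 1)
    printf '%s\n' "${val:-unset}"
}

# assess BANNER INI_FILE -> one-line finding for this installation
assess() {
    state=$(classify_banner "$1")
    redirect=$(ini_force_redirect "$2")
    case $state in
        affected)
            case $redirect in
                1|[Oo]n|[Tt]rue|[Yy]es)
                    echo "AFFECTED: cgi.force_redirect=$redirect is set but useless on 4.3.0 CGI; upgrade to 4.3.1" ;;
                *)
                    echo "AFFECTED: PHP 4.3.0 CGI; upgrade to 4.3.1" ;;
            esac ;;
        not-affected) echo "OK: not the PHP 4.3.0 CGI module" ;;
        *) echo "UNKNOWN: banner not recognised" ;;
    esac
}

if [ "$#" -eq 2 ]; then assess "$1" "$2"; fi
```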
