Security patch improved: Malicious code attacks on PHP possible

Attackers can bypass the protection for a PHP vulnerability from 2012 under Windows. The vulnerability should have been closed long ago.

This article was originally published in German and has been automatically translated.

Apparently, PHP developers have not correctly closed a software vulnerability from 2012. As security researchers have now discovered, attacks are still possible under certain conditions despite the patch being installed. A revised security update is now available.

The discovery was made by security researchers from Devcore, who explain their findings in an article. They found that the patch against the "critical" malicious code vulnerability with the identifier CVE-2012-1823 can be bypassed under Windows.

According to them, the cause is the best-fit behavior of the character encoding conversion under Windows. It is said to allow attackers to bypass the protection by sending certain character strings to the PHP CGI script, and thereby to carry out an argument injection attack.

The researchers explain that attackers can directly execute malicious code on servers with the locale settings Traditional Chinese (code page 950), Simplified Chinese (code page 936) or Japanese (code page 932).

Bypassing the patch has led to a new vulnerability (CVE-2024-4577, "critical"). To secure systems, admins must install one of the fixed versions 8.1.29, 8.2.20 or 8.3.8 listed in the PHP changelog. All previous versions are said to be at risk. This also includes all XAMPP versions in the default settings.
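For admins sorting an inventory of Windows PHP installs by patch priority, the following added example (not from the article or from the researchers) applies the fixed versions and code pages named above. The function names and the inventory are constructed for illustration, and treating branches newer than 8.3 as already containing the fix is an assumption.

```python
import re

# Fixed releases named in the article, keyed by (major, minor) branch.
FIXED = {(8, 1): 29, (8, 2): 20, (8, 3): 8}
# Windows code pages for which the researchers report direct code execution.
DIRECT_EXEC_CODE_PAGES = {950, 936, 932}


def parse_version(text):
    """Return (major, minor, patch) from strings like '8.2.12' or 'PHP 8.1.28 (cgi-fcgi)'."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"no PHP version found in {text!r}")
    return tuple(int(p) for p in m.groups())


def is_patched(version_text):
    """True if the version is at or above the fixed release of its branch."""
    major, minor, patch = parse_version(version_text)
    fixed_patch = FIXED.get((major, minor))
    if fixed_patch is None:
        # Assumption: branches newer than 8.3 postdate the fix. Older branches
        # have no fixed release in the article's list and count as at risk.
        return (major, minor) > max(FIXED)
    return patch >= fixed_patch


def triage(version_text, code_page):
    """Classify one Windows PHP install for CVE-2024-4577 patch priority."""
    if is_patched(version_text):
        return "patched"
    if code_page in DIRECT_EXEC_CODE_PAGES:
        return "update-now"  # unpatched and on a locale named in the article
    return "update"          # unpatched; all earlier versions are said to be at risk


# Constructed inventory: (host, PHP version string, Windows ANSI code page).
INVENTORY = [
    ("web01", "8.3.8", 932),
    ("web02", "8.2.19", 936),
    ("web03", "PHP 8.1.28 (cgi-fcgi)", 1252),
    ("web04", "7.4.33", 950),
]

if __name__ == "__main__":
    for host, version, cp in INVENTORY:
        print(f"{host}: {version} cp{cp} -> {triage(version, cp)}")
```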

In their article, the researchers describe how admins can find out whether their systems are vulnerable. They also show how admins can temporarily secure systems if it is not currently possible to install the security update.

The researchers report that they contacted the PHP developers about the problem at the beginning of May this year. The security update was released just under a month later.

(des)