Welcome! Log In Create A New Profile

Re: nginx 0day exploit for nginx + fastcgi PHP

Forum List Message List New Topic Print View

zsero

October 30, 2012 01:01PM

Registered: 11 years ago
Posts: 6

I know it's an old thread but my question really belongs to here.

1. Can you confirm that with recent PHP implementations (5.3.9+) this fix isn't needed anymore?

2. Does it mean that some PHP implementations like the up-to-date ones in DotDeb repository doesn't need it (PHP 5.4.8 and PHP 5.3.18), but Debian stable still needs it (5.3.3-7+squeeze14)?
http://packages.debian.org/stable/php/
http://www.dotdeb.org/

Thanks!

Reinis Rozitis Wrote:
-------------------------------------------------------
> > Seriously if it doesn't works for lighttppd that use php fcgi and
> works
> > for nginx it is nginx issue isn't it ?
>
> With certain configuration similar issues are also in apache but it
> doesn't necessary mean the webserver is at fault.
>
> Since php 5.3.9 the fpm sapi has 'security.limit_extensions'
> (defaults to '.php') which limits the extensions of the main script
> FPM will allow to parse.
> It should prevent poor configuration mistakes.
>
>
> rr
>
> _______________________________________________
> nginx mailing list
> nginx@nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx

Reply Quote

RSS

Subject	Author	Posted
nginx 0day exploit for nginx + fastcgi PHP	Avleen Vig	May 21, 2010 01:14PM
Re: nginx 0day exploit for nginx + fastcgi PHP	Avleen Vig	May 21, 2010 01:30PM
Re: nginx 0day exploit for nginx + fastcgi PHP	Eren Türkay	May 25, 2010 11:44AM
Re: nginx 0day exploit for nginx + fastcgi PHP	mike	May 21, 2010 01:30PM
Re: nginx 0day exploit for nginx + fastcgi PHP	Igor Sysoev	May 21, 2010 01:36PM
Re: nginx 0day exploit for nginx + fastcgi PHP	Igor Sysoev	May 21, 2010 01:44PM
Re: nginx 0day exploit for nginx + fastcgi PHP	mike	May 21, 2010 01:52PM
Re: nginx 0day exploit for nginx + fastcgi PHP	Igor Sysoev	May 21, 2010 02:16PM
Re: nginx 0day exploit for nginx + fastcgi PHP	Ian Evans	May 21, 2010 02:30PM
Re: nginx 0day exploit for nginx + fastcgi PHP	mike	May 21, 2010 02:40PM
Re: nginx 0day exploit for nginx + fastcgi PHP	Igor Sysoev	May 21, 2010 02:40PM
Re: nginx 0day exploit for nginx + fastcgi PHP	Ian M. Evans	May 21, 2010 03:10PM
Re: nginx 0day exploit for nginx + fastcgi PHP	Igor Sysoev	May 21, 2010 04:46PM
Re: nginx 0day exploit for nginx + fastcgi PHP	Ian Evans	May 21, 2010 04:58PM
Re: nginx 0day exploit for nginx + fastcgi PHP	Igor Sysoev	May 21, 2010 05:20PM
Re: nginx 0day exploit for nginx + fastcgi PHP	Ian Evans	May 21, 2010 05:54PM
Re: nginx 0day exploit for nginx + fastcgi PHP	Igor Sysoev	May 22, 2010 02:10AM
Re: nginx 0day exploit for nginx + fastcgi PHP	Ian M. Evans	May 22, 2010 01:28AM
Re: nginx 0day exploit for nginx + fastcgi PHP	Igor Sysoev	May 22, 2010 01:32AM
Re: nginx 0day exploit for nginx + fastcgi PHP	Ian Evans	May 22, 2010 03:00AM
Re: nginx 0day exploit for nginx + fastcgi PHP	Igor Sysoev	May 22, 2010 03:58AM
Re: nginx 0day exploit for nginx + fastcgi PHP	Ian M. Evans	May 22, 2010 05:46AM
Re: nginx 0day exploit for nginx + fastcgi PHP	Igor Sysoev	May 22, 2010 06:12AM
Re: nginx 0day exploit for nginx + fastcgi PHP	Ian M. Evans	May 22, 2010 06:22AM
Re: nginx 0day exploit for nginx + fastcgi PHP	Igor Sysoev	May 22, 2010 06:26AM
Re: nginx 0day exploit for nginx + fastcgi PHP	Ian M. Evans	May 22, 2010 06:56AM
Re: nginx 0day exploit for nginx + fastcgi PHP	Ian M. Evans	May 22, 2010 08:22AM
Re: nginx 0day exploit for nginx + fastcgi PHP	Igor Sysoev	May 22, 2010 08:30AM
Re: nginx 0day exploit for nginx + fastcgi PHP	Ian M. Evans	May 22, 2010 08:48AM
Re: nginx 0day exploit for nginx + fastcgi PHP	Ian M. Evans	May 22, 2010 06:30PM
Re: nginx 0day exploit for nginx + fastcgi PHP	Jérôme Loyet	May 21, 2010 03:50PM
Re: nginx 0day exploit for nginx + fastcgi PHP	Weibin Yao	May 23, 2010 11:24PM
Re: nginx 0day exploit for nginx + fastcgi PHP	Jérôme Loyet	May 24, 2010 03:00AM
Re: nginx 0day exploit for nginx + fastcgi PHP	Weibin Yao	May 24, 2010 04:20AM
Re: nginx 0day exploit for nginx + fastcgi PHP	Cliff Wells	May 21, 2010 09:00PM
Re: nginx 0day exploit for nginx + fastcgi PHP	Grzegorz Sienko	May 21, 2010 09:24PM
Re: nginx 0day exploit for nginx + fastcgi PHP	mike	May 21, 2010 09:34PM
Re: nginx 0day exploit for nginx + fastcgi PHP	gdork	January 26, 2011 11:07PM
Re: nginx 0day exploit for nginx + fastcgi PHP	mike	January 26, 2011 11:16PM
Re: nginx 0day exploit for nginx + fastcgi PHP	edogawaconan	January 27, 2011 12:28AM
Re: nginx 0day exploit for nginx + fastcgi PHP	mike	January 27, 2011 01:08AM
Re: nginx 0day exploit for nginx + fastcgi PHP	Cliff Wells	May 21, 2010 10:42PM
Re: nginx 0day exploit for nginx + fastcgi PHP	Ding Deng	May 22, 2010 09:28AM
Re: nginx 0day exploit for nginx + fastcgi PHP	mike	May 22, 2010 03:30PM
Re: nginx 0day exploit for nginx + fastcgi PHP	brianmercer	May 21, 2010 05:03PM
Re: nginx 0day exploit for nginx + fastcgi PHP	tuurtnt	December 14, 2011 06:26PM
Re: nginx 0day exploit for nginx + fastcgi PHP	Kraiser	February 17, 2012 09:53AM
Re: nginx 0day exploit for nginx + fastcgi PHP	Reinis Rozitis	February 17, 2012 11:42AM
Re: nginx 0day exploit for nginx + fastcgi PHP	zsero	October 30, 2012 01:01PM

Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 164

Record Number of Users: 8 on April 13, 2023

Record Number of Guests: 421 on December 02, 2018