Fix for mod_fcgid exploit?

[horst rupp]

Hello,

will there be a fix for the mod_fcgid vulnerability/exploit for plesk 9.5 or a workaround? I have psa-mod_fcgid-1.10-3.rpm installed and the vuln is present there. If I set a domains php to fastcgi and open this php-script it crashes apache with segfault:

<?php
error_log(str_repeat("x", 20000));
?>

... as described here: http://blog.tigertech.net/posts/cve-2013-4365/

There's already an exploit available online (http://www.1337day.com/exploit/description/21471 but I can't check it out, because they only sell it but should be somewhere for free soon).

Anyway the sourcecode of psa-mod_fcgid-1.10-3.rpm should be somewhere published by parallels but didn't find it anywhere?


regards
ho

 

[Amin Taheri]

maybe try one of the atomic packages?

http://3es.atomicrocketturtle.com/c..._64/RPMS/mod_fcgid-2.3.4-2.el5.art.x86_64.rpm


You could also run this

wget -q -O - http://www.atomicorp.com/installers/atomic | sh


and then yum -y upgrade to see if it will update your system with the best packages available

 

[horst rupp]

maybe try one of the atomic packages?
http://3es.atomicrocketturtle.com/c..._64/RPMS/mod_fcgid-2.3.4-2.el5.art.x86_64.rpm

Thanks for the idea but could I be sure that doesn't break anything? After all there's also a mod_fcgi rpm in centos and I don't know how much it differs from the psa-mod_fcgid and psa-mod-fcgid-configurator packages? would be really useful to have the source-code.

 

[Amin Taheri]

You can also get the srpm from the same place if you browse up a few directories. I've been using either the ART version or the cloud linux version for years now with out issue.

 

[horst rupp]

You can also get the srpm from the same place if you browse up a few directories. I've been using either the ART version or the cloud linux version for years now with out issue.

but where do I find the source of the parallels version to compare it to?