Is Synology's implementation of PHP vulnerable to this?
http://www.kb.cert.org/vuls/id/520827
PHP-CGI query string parameter vulnerability
Forum rules
This is a user forum for Synology users to share experience/help out each other: if you need direct assistance from the Synology technical support team, please use the following form:
https://myds.synology.com/support/suppo ... p?lang=enu
This is a user forum for Synology users to share experience/help out each other: if you need direct assistance from the Synology technical support team, please use the following form:
https://myds.synology.com/support/suppo ... p?lang=enu
2 posts
• Page 1 of 1
PHP-CGI query string parameter vulnerability
by thunderbird » Fri May 04, 2012 8:20 am
- thunderbird
- Sharp
- Posts: 181
- Joined: Tue Jul 17, 2007 12:22 pm
Re: PHP-CGI query string parameter vulnerability
by CoolRaoul » Sat May 05, 2012 9:32 am
Although Apache module "mod_cgid" is available in DSM apache:
It is not loaded by default in the current (DSM 4.0) implementation.
So unless you've manually edited your Apache configuration to explicitely load it with a line like this one:
you are not vulnerable
- Code: Select all
$ ls -l /usr/syno/apache/modules/mod_cgid.so
-rwxr-xr-x 1 root root 25060 2012-04-12 23:26 /usr/syno/apache/modules/mod_cgid.so
It is not loaded by default in the current (DSM 4.0) implementation.
So unless you've manually edited your Apache configuration to explicitely load it with a line like this one:
- Code: Select all
LoadModule cgid_module modules/mod_cgid.so
you are not vulnerable
CR
- CoolRaoul
- Sharp
- Posts: 162
- Joined: Tue May 18, 2010 7:08 pm
2 posts
• Page 1 of 1
Return to Web Server + PHP / MySQL
Who is online
Users browsing this forum: No registered users and 2 guests