HIDS 30302

From Atomicorp Wiki
Revision as of 14:38, 29 November 2012 by Mshinn (Talk | contribs)

Jump to: navigation, search
Rule 30302
Status Active
Alert Message Self Healing: Critical vulnerability in PHP detected, attempting to remove dangerous exec stack bits from PHP modules.

Contents

Description

This event is not caused by the rules, ASL or modsecurity. This rule detects when PHP has been incorrectly configured to include a dangerous vulnerability that exposes the system to full compromise. When this is detected, ASL will attempt to remove this vulnerability from PHP. However, the vulnerablity is introduced through whatever vendor built and/or installed PHP on the system, and is not caused by ASL. Therefore, ASL may not always be able to remove this dangerous vulnerability.

PHP is not distributed with this vulnerability, and is only introduced by vendors that specifically configure PHP in this vulnerable manner. Please contact your PHP vendor to report this vulnerability.

This rule does not cause this to occur, therefore disabling this rule will not prevent this. Disabling this rule will both prevent ASL from attempting to fix this vulnerability, and will still leave PHP in a vulnerable and potentially broken state.

Troubleshooting

False Positives

None. This rule is not generated by ASL. This is a reporting rule, it simply reports when PHP is detected in this vulnerable condition, and attempts to fix it.

Guidance

Please contact your PHP vendor for assistance with removing this vulnerability should ASL not be able to remove it. Please see the php segfaults FAQ for additional information for assistance with correcting this vulnerability.


Additional Information

Similar Rules

None.

Knowledge Base Articles

None.

Outside References

None.

Notes

Personal tools