Difference between revisions of "HIDS 30302"

From Atomicorp Wiki
(Created page with "{{Infobox |header1= Rule 30302 |label2 = Status |data2 = Active |label3 = Alert Message |data3 = Self Healing: Critical vulnerability in PHP detected, attempting to remove dan...")
 
m (Description)
Line 10: Line 10:
  
 
'''This event is not caused by the rules, ASL or modsecurity.'''  This rule detects when PHP has been incorrectly configured to include a dangerous vulnerability that exposes the system to full compromise.  When this is detected, ASL will attempt to remove this vulnerability from PHP.  However, the vulnerablity is introduced through whatever vendor built and/or installed PHP on the system, and is not caused by ASL.  Therefore, ASL may not always be able to remove this dangerous vulnerability.
 
'''This event is not caused by the rules, ASL or modsecurity.'''  This rule detects when PHP has been incorrectly configured to include a dangerous vulnerability that exposes the system to full compromise.  When this is detected, ASL will attempt to remove this vulnerability from PHP.  However, the vulnerablity is introduced through whatever vendor built and/or installed PHP on the system, and is not caused by ASL.  Therefore, ASL may not always be able to remove this dangerous vulnerability.
 
If PHP has this vulnerability, it will segfault when it tries to run, as the ASL kernel will protect itself from this vulnerability in PHP.  The specific vulnerability is that PHP, or one of its modules, will try to configure itself to allow the stack to be executable.  This is both unnecessary for PHP or its modules to function, and creates a root level hole in the system making it possible for an attack to inject code right into the stack and compromise the entire system.
 
  
 
PHP is not distributed with this vulnerability, and is only introduced by vendors that specifically configure PHP in this vulnerable manner.  Please contact your PHP vendor to report this vulnerability.
 
PHP is not distributed with this vulnerability, and is only introduced by vendors that specifically configure PHP in this vulnerable manner.  Please contact your PHP vendor to report this vulnerability.
  
This rule does not cause this to occur, therefore disabling this rule will not prevent this.  Disabling this rule will both prevent ASL from attempting to fix this vulnerability, and will still leave PHP in a vulnerable and potentially broken state.  
+
This rule does not cause this to occur, therefore disabling this rule will not prevent this.  Disabling this rule will both prevent ASL from attempting to fix this vulnerability, and will still leave PHP in a vulnerable and potentially broken state.
  
 
= Troubleshooting =
 
= Troubleshooting =
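Review bot: the paragraph beginning "If PHP has this vulnerability, it will segfault" is the only text that says what the flaw actually is (PHP or one of its modules requesting an executable stack), yet it appears on one side of this diff only and is absent from the Description rendered for this revision. Keep that paragraph in the Description so the alert message's "exec stack bits" is explained, and correct "vulnerablity" in the first paragraph in the same edit.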

Revision as of 15:38, 29 November 2012

Rule 30302
Status: Active
Alert Message: Self Healing: Critical vulnerability in PHP detected, attempting to remove dangerous exec stack bits from PHP modules.


Description

This event is not caused by the rules, ASL or modsecurity. This rule detects when PHP has been incorrectly configured to include a dangerous vulnerability that exposes the system to full compromise. When this is detected, ASL will attempt to remove this vulnerability from PHP. However, the vulnerability is introduced by whatever vendor built and/or installed PHP on the system, and is not caused by ASL. Therefore, ASL may not always be able to remove this dangerous vulnerability.

PHP is not distributed with this vulnerability; it is only introduced by vendors that specifically configure PHP in this vulnerable manner. Please contact your PHP vendor to report this vulnerability.

This rule does not cause this condition, so disabling the rule will not prevent it. Disabling this rule will prevent ASL from attempting to fix the vulnerability, and will still leave PHP in a vulnerable and potentially broken state.

Troubleshooting

False Positives

None. This rule is not generated by ASL. This is a reporting rule: it simply reports when PHP is detected in this vulnerable condition, and attempts to fix it.

Guidance

Please contact your PHP vendor for assistance with removing this vulnerability should ASL not be able to remove it. Please see the php segfaults FAQ for additional information on correcting this vulnerability.
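To find which PHP module carries the "exec stack bits" named in the alert message, the following added example (not Atomicorp's code, and not a description of how ASL performs its own check) reads the PT_GNU_STACK program header of an ELF file and reports whether it requests an executable stack. The script name, the module path in the usage comment and the sample bytes are assumptions made for illustration.

```python
import struct
import sys

PT_GNU_STACK = 0x6474E551  # program header that records the requested stack permissions
PF_X = 0x1                 # execute bit in p_flags

def stack_flags(data):
    """Return p_flags of PT_GNU_STACK, or None if absent, truncated or not ELF."""
    if len(data) < 52 or data[:4] != b"\x7fELF":
        return None
    is64 = data[4] == 2                 # EI_CLASS: 1 = 32-bit, 2 = 64-bit
    end = "<" if data[5] == 1 else ">"  # EI_DATA: 1 = little endian, 2 = big endian
    if is64 and len(data) < 64:
        return None
    # e_phoff, then e_phentsize/e_phnum, sit at class-dependent offsets
    phoff, = struct.unpack_from(end + ("Q" if is64 else "I"), data, 32 if is64 else 28)
    phentsize, phnum = struct.unpack_from(end + "HH", data, 54 if is64 else 42)
    for i in range(phnum):
        off = phoff + i * phentsize
        if off + (8 if is64 else 28) > len(data):
            return None
        p_type, = struct.unpack_from(end + "I", data, off)
        if p_type == PT_GNU_STACK:
            # p_flags is at offset 4 in Elf64_Phdr and offset 24 in Elf32_Phdr
            return struct.unpack_from(end + "I", data, off + (4 if is64 else 24))[0]
    return None

def classify(data):
    """'exec-stack' if the object requests an executable stack, else 'ok' or 'no-header'."""
    flags = stack_flags(data)
    if flags is None:
        return "no-header"  # no PT_GNU_STACK found: the platform default applies
    return "exec-stack" if flags & PF_X else "ok"

def sample_elf64(flags):
    """Constructed minimal ELF64 little-endian image (test data, not a real module)."""
    ehdr = b"\x7fELF" + bytes([2, 1, 1]) + bytes(9)
    ehdr += struct.pack("<HHIQQQIHHHHHH", 3, 62, 1, 0, 64, 0, 0, 64, 56, 1, 0, 0, 0)
    return ehdr + struct.pack("<IIQQQQQQ", PT_GNU_STACK, flags, 0, 0, 0, 0, 0, 16)

if __name__ == "__main__":
    # Usage (hypothetical script name and path): python3 check_stack.py /path/to/php/modules/*.so
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            print(f"{classify(fh.read()):10} {path}")
    if len(sys.argv) == 1:  # no arguments: run on the constructed samples
        print(classify(sample_elf64(0x7)), classify(sample_elf64(0x6)))
```

Running `readelf -lW` on the same file shows the same flags in its GNU_STACK row, where RWE means the stack is requested executable.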


Additional Information

Similar Rules

None.

Knowledge Base Articles

None.

Outside References

None.

Notes
