PHP-CGI Exploit is in the wild. Get protected ASAP.

The vulnerability that sat undetected for 7 years was disclosed last week, but today it has been announced that exploits have been seen in the wild.  They are working on releasing a new patch. This is pretty bad as it’s not exploiting one particular web application, rather, it is exploiting web servers running PHP in general.

The quick fix is to add this to the .htaccess file on your website(s):

RewriteEngine on
RewriteCond %{QUERY_STRING} ^[^=]*$
RewriteCond %{QUERY_STRING} %2d|- [NC]
RewriteRule .? – [F,L]

Unless you have compiled PHP from source on your web server, you will need to wait for your vendor (Cpanel, WHM, RedHat, CentOS, etc) to release the updated version. I suggest you implement the above .htaccess fix in the meantime.

 

Edit 5/9/12 12:19PM Eastern:

Most cPanel configurations are protected by default: http://www.cpanel.net/2012/05/cpanel-protects-against-php-vulnerability.html

VMware – RHEL / CentOS 6.2 – Network Issues

Howdy folks,

I just grabbed CentOS 6.2 (don’t know if it’s an issue in 6.0, 6.1), but an installation with the “Basic Server” within VMware Fusion 4.1.1 delivered no IP address etc. when leaving DHCP/NAT as the default.

Finding: Seems, either something is goofed in the dhclient or NetworkManager (now default for RHEL 6.x).

Fix: I brought the network interface up “ifup eth0”, then ran “dhclient eth0”, obtained an IP and ran “yum update -y”, after which (I noticed dhclient was in the updates), I was able to reboot and all worked well.

Not a big deal, as you could have just manually configured your network script, but maybe it will help someone. 🙂

RHEL 5.3 and Depsolve problems in Yum

During some recent server patches on Red Hat Enterprise Linux 5.3, I kept getting ‘depsolve’ errors on several packages. This was odd, as I had not made any changes to anything, installed anything new, or removed anything.

Turns out this is a known bug in 5.3, and luckily, the solution is simple:

$> yum clean all

Run that, and it refreshes your local repository. The next time you go to update packages your server will refresh everything with the Red Hat respository, and all will be good!

How to recover MySQL’s “root” password quickly

Have you ever been in a rush or just had a complete brain freeze with your MySQL passwords?

Well…..I have.  🙂

——————————-

Step # 1 : Stop mysql service

——————————-

Step # 2: Start to MySQL server w/o password:

——————————-

Step # 3: Connect to mysql server using mysql client and setup the new root password:

——————————-

Step #4: Stop and Restart MySQL Server: (try your new $PASSWORD)

——————————-

Note: There are other ways to reset the password, but I like this one.

Fedora 11 – VMware Workstation 6.5.2

Over the past few years several people on the VMware communities forums have released patches to fix the vmware modules for the next “fresh” release of the Linux Kernel / Distro. I’ve used them in the past with much success, but I generally like waiting for the official VMware support. However, I’m pretty excited about Fedora 11 (just to many new goodies not to play) and I noticed there’s a new updated patch for 2.6.29 and even 2.6.30 Kernels!

VMware Workstation 6.5.2 module patches/discussion: 2.6.29

VMware Workstation 6.5.2 module patches/discussion: 2.6.30

Sun has official Fedora 11 support (and now 2.6.31) with VirtualBox: VirtualBox 3.0.0 (if that’s your cup of tea)

Note: Obviously Fedora is the test bed for the QEMU/KVM merger so you can go that route as well, but I love VMware. ;0)
Here is a great article to get you moving on the QEMU/KVM way of life: Clik Me

HTH