cPanel Protects Against PHP Vulnerability

cPanel & WHM servers using the default cPanel PHP CGI configuration are not vulnerable to the command line switch vulnerability.

A recently disclosed flaw in PHP’s CGI implementation allows malicious users to remotely view and execute source code. The exploit was documented by the Eindbazen team and documented as CVE-2012-1823.

cPanel & WHM servers are not affected by this, thanks in part to a wrapper script used by cPanel & WHM when Apache is configured to use CGI for the PHP handler. This wrapper script does not pass through any command line options.

Server administrators are encouraged to verify their PHP configuration.

When configured to use CGI or FCGI, cPanel & WHM instructs Apache to use the following wrapper script /usr/local/cpanel/cgi-sys/php5 or /usr/local/cpanel/cgi-sys/php4 (The number after “php” is based upon the current major version of PHP.) The unmodified version of the wrapper script looks like the following:

The $binary placeholder will contain /usr/bin/php or /usr/php4/bin/php By default, no command line parameters are included.

# If you customize the contents of this wrapper script, place
# a copy at /var/cpanel/conf/apache/wrappers/php$php_version
# so that it will be reinstalled when Apache is updated or the
# PHP handler configuration is changed
exec $binary

Read CVE-2012-1823