Wednesday, January 27, 2016

[FD] PHP LiteSpeed SAPI secret key improper disposal

In suEXEC_Daemon mode, the LiteSpeed web server spawns one PHP master process during startup. It runs as root and accepts LSAPI requests, which in turn specify which user the script should run as. The LSAPI request is authenticated with a MAC, which is based on a preshared random key between PHP and the web server. We found that the LiteSpeed PHP SAPI module did not clear this secret in its child processes, so it was available in the PHP process memory space of the child processes.

The fix is available with the commit http://ift.tt/1Urdm2Z

The fixed versions of PHP are: 5.5.31, 5.6.17 and 7.0.2.

More information: http://ift.tt/1lTvPcw

Imre Rad
Search-Lab Ltd.
http://ift.tt/23u5fZr
http://www.scademy.com/
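The inheritance problem the advisory describes, as an added example that is not taken from the advisory or from the PHP or LiteSpeed source: a forked worker gets a copy of the master's memory, key included, unless the child zeroes it before running user code. The names `g_secret`, `secure_wipe` and `child_has_secret` are hypothetical and the key bytes are constructed; `wipe_in_child=0` models the flawed behaviour and `1` the hardened one.

```c
#include <stdio.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

#define KEY_LEN 16
static unsigned char g_secret[KEY_LEN]; /* constructed stand-in for the preshared key */

/* Zero through a volatile pointer so the compiler cannot elide the stores. */
static void secure_wipe(void *buf, size_t len)
{
    volatile unsigned char *p = buf;
    while (len--)
        *p++ = 0;
}

/* 1 if any key byte is still non-zero in the calling process. */
static int key_present(void)
{
    unsigned char acc = 0;
    for (size_t i = 0; i < KEY_LEN; i++)
        acc |= g_secret[i];
    return acc != 0;
}

/* Fork a worker: 1 = child can still read the key, 0 = cleared, -1 = error. */
int child_has_secret(int wipe_in_child)
{
    memset(g_secret, 0xA5, KEY_LEN);            /* constructed key material */
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {                             /* child: would run the user script */
        if (wipe_in_child)
            secure_wipe(g_secret, KEY_LEN);     /* before any user script runs */
        _exit(key_present());
    }
    int status;
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}

int main(void)
{
    printf("key visible in child, no wipe: %d\n", child_has_secret(0));
    printf("key visible in child, wiped:   %d\n", child_has_secret(1));
    return 0;
}
```

The wipe only covers the one buffer it is given; copies of the key held elsewhere in the process (derived MAC state, stack temporaries) need the same treatment.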

Source: Gmail -> IFTTT-> Blogger