Description of problem, how reproducible and steps to reproduce:
Mod_php under Apache 2.0.x leaks a critical file descriptor that can be used to take over (hijack) the https service. All in all, it's described at Bugtraq: http://www.securityfocus.com/archive/1/348368

Version-Release number of selected component (if applicable):
httpd-2.0.48-4

Actual results:
I talked with a guy from php.net; he said that it is an Apache-related problem, so something like that is maybe possible with Python, too. He also said that Apache will provide a patch for that - anytime...

Expected results:
Fixed httpd asap ;) The fix is like this: fcntl( X, F_SETFD, FD_CLOEXEC ); But the question is where to place it; X should also be replaced with the real variable's name.

Additional info:
Red Hat Linux 9 is vulnerable, too.
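The effect of the fcntl call proposed in the report, as an added example that is not part of the original report or of Apache's or PHP's code: a descriptor stays open in a fork+exec'd child until FD_CLOEXEC is set on it. The helper names and the plain TCP socket standing in for the server's listening socket are assumptions, and the check relies on Linux /bin/sh and /proc.

```c
#include <fcntl.h>
#include <stdio.h>
#include <sys/socket.h>
#include <sys/wait.h>
#include <unistd.h>

/* The fix from the report, keeping any other descriptor flags intact. */
int set_cloexec(int fd) {
    int flags = fcntl(fd, F_GETFD);
    return flags < 0 ? -1 : fcntl(fd, F_SETFD, flags | FD_CLOEXEC);
}

/* fork+exec a shell and ask it whether `fd` is still open in the new program.
 * Returns 1 if inherited, 0 if closed by exec, -1 on error.
 * Assumes Linux: /bin/sh and /proc/self/fd are available. */
int survives_exec(int fd) {
    char path[64];
    int status;
    pid_t pid;

    snprintf(path, sizeof path, "/proc/self/fd/%d", fd);
    pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        /* In the child: $1 is the /proc path; `[ -e ]` exits 0 or 1. */
        execl("/bin/sh", "sh", "-c", "[ -e \"$1\" ]", "sh", path, (char *)NULL);
        _exit(127); /* exec itself failed */
    }
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status)) return -1;
    if (WEXITSTATUS(status) == 0) return 1;
    return WEXITSTATUS(status) == 1 ? 0 : -1;
}

int main(void) {
    /* Constructed stand-in for the server's listening socket. */
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0) return 1;
    printf("before fcntl: inherited by exec'd child = %d\n", survives_exec(fd));
    if (set_cloexec(fd) < 0) return 1;
    printf("after fcntl:  inherited by exec'd child = %d\n", survives_exec(fd));
    close(fd);
    return 0;
}
```

On Linux, socket() with SOCK_CLOEXEC and open() with O_CLOEXEC set the flag atomically at creation, which avoids the window between creating the descriptor and the fcntl call in multi-threaded programs.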
This "leaking" of file descriptors does not have security implications unless you consider that the PHP interpreter provides a "security sandbox" from which it is possible to run untrusted code. For further information, read our write-up in ApacheWeek: http://www.apacheweek.com/issues/04-01-23#security