note: if your PHP is running as a FAST CGI or DSO, then this can't be exploited.
so push your host to run 1 of the 2 AND have php upgraded to latest version.
this has been around in php/cgi for 8yrs...
you should really push your host to:
Cid advised Web servers administrators who run PHP through php-cgi, to update to the new PHP 5.4.3 or PHP 5.3.13, or to modify their setup so that it uses the PHP module (mod_php) under Apache or FastCGI, which is not vulnerable.
if possible, however..
