UGN Security Forums
My ProfileMember DirectoryLogin
Search our ForumsView our FAQView our Site Rules
View our CalendarView our Active TopicsGo to our Main Page

UGN Security Store
 

Network Sites UGN Security, The GoNix Initiative, Elite Web Gamers, Back of the Web, EveryDay Helper, VNC Web Design & Development
November
Su M Tu W Th F Sa
1
2 3 4 5 6 7 8
9 10 11 12 13 14 15
16 17 18 19 20 21 22
23 24 25 26 27 28 29
30
Sponsored Links
Latest Postings
Latest Reviews
Topic Options
Rate This Topic
#39977 - 12/17/04 04:51 AM Big security holes found in PHP
Ice Offline
UGN News Staff

Registered: 11/29/02
Posts: 1146
Loc: Canada
The PHP development team has released an update for the widely used scripting language that fixes a number of highly serious bugs, according to the project and independent security researchers.

The developers warned that users should update to PHP 4.3.10 immediately, since some of the bugs are relatively easy to exploit.

Stefan Esser of the Hardened PHP Project, which discovered the most serious flaws during development of security add-ons for PHP, said in an advisory the bugs range "from buffer overflows, to information leak vulnerabilities and path truncation vulnerabilities, to safe_mode restriction bypass vulnerabilities".

The most immediately dangerous flaws relate to PHP's variable unserialiser, unserialize (), which can allow attackers to execute malicious code on a system. "A lot of PHP applications expose the easy-to-exploit unserialize() vulnerability to remote attackers," Esser wrote. He noted that the Hardened-PHP patch makes some of the exploits ineffective.

Attackers could make use of some of the other vulnerabilities to retrieve secret data from the "apache" Web server process, bypass security restrictions and gain escalated privileges, Esser said.

Secunia, an independent security research firm based in Denmark, gave the flaws a "highly critical" rating. The PHP update also fixes more than 30 non-critical bugs, PHP developers said. A complete list of changes is available on the PHP website.

PHP is one of the most commonly used scripting languages on the Internet, and is often embedded in HTML pages.

Techworld News
_________________________
Good artists copy, great artists
steal.

-Picasso

Top
Sponsored Links
      
#39978 - 12/17/04 04:22 PM Re: Big security holes found in PHP
§intå× Offline


*****

Registered: 12/03/02
Posts: 3255
Loc: Maryland
First, I love your site.

Second, I must say this makes me sad and happy. Sad PHP left gaping holes in there. Happy they have fixed them. Now to see if my host has updated. Thanx.
_________________________
My New site OpenEyes

Top

Featured Member
Registered: 08/22/14
Posts: 1
Forum Stats
2151 Members
46 Forums
35778 Topics
70948 Posts

Max Online: 1567 @ 04/25/10 05:20 AM
Top Posters
UGN Security 28939
Gremelin 7193
§intå× 3255
SilentRage 1273
Ice 1146
pergesu 1136
Infinite 1041
jonconley 955
Girlie 908
unreal 860
Newest Members
HushHush, golqm, Tim050, Gecko666, defghi795767
2150 Registered Users
Who's Online
0 registered (), 357 Guests and 303 Spiders online.
Key: Admin, Global Mod, Mod
Latest News
luxury goods sales at $405B by 2019
by golqm
10/28/14 05:19 AM


Donate
  Get Firefox!
Get FireFox!