Your browser does not seem to support CSS. If images appear below, please disregard them.
It appears that you're running an Ad-Blocker. This site is monetized by Advertising and by User Donations; we ask that if you find this site helpful that you whitelist us in your Ad-Blocker, or make a Donation to help aid in operating costs.
Previous Thread
Next Thread
Print Thread
Rate This Thread
#39977 - 12/17/04 09:51 AM Big security holes found in PHP  
Joined: Nov 2002
Posts: 1,146
Ice Offline
UGN News Staff
Ice  Offline
UGN News Staff

Joined: Nov 2002
Posts: 1,146
Likes: 1
Canada
The PHP development team has released an update for the widely used scripting language that fixes a number of highly serious bugs, according to the project and independent security researchers.

The developers warned that users should update to PHP 4.3.10 immediately, since some of the bugs are relatively easy to exploit.

Stefan Esser of the Hardened PHP Project, which discovered the most serious flaws during development of security add-ons for PHP, said in an advisory the bugs range "from buffer overflows, to information leak vulnerabilities and path truncation vulnerabilities, to safe_mode restriction bypass vulnerabilities".

The most immediately dangerous flaws relate to PHP's variable unserialiser, unserialize (), which can allow attackers to execute malicious code on a system. "A lot of PHP applications expose the easy-to-exploit unserialize() vulnerability to remote attackers," Esser wrote. He noted that the Hardened-PHP patch makes some of the exploits ineffective.

Attackers could make use of some of the other vulnerabilities to retrieve secret data from the "apache" Web server process, bypass security restrictions and gain escalated privileges, Esser said.

Secunia, an independent security research firm based in Denmark, gave the flaws a "highly critical" rating. The PHP update also fixes more than 30 non-critical bugs, PHP developers said. A complete list of changes is available on the PHP website.

PHP is one of the most commonly used scripting languages on the Internet, and is often embedded in HTML pages.

Techworld News


Good artists copy, great artists
steal.

-Picasso
Sponsored Links
#39978 - 12/17/04 09:22 PM Re: Big security holes found in PHP  
Joined: Dec 2002
Posts: 3,255
§intå× Offline
§intå×  Offline



Joined: Dec 2002
Posts: 3,255
Likes: 1
Maryland
First, I love your site.

Second, I must say this makes me sad and happy. Sad PHP left gaping holes in there. Happy they have fixed them. Now to see if my host has updated. Thanx.


My New site OpenEyes

Member Spotlight
Gremelin
Gremelin
Portland, OR; USA
Posts: 7,195
Joined: February 2002
Show All Member Profiles 
Forum Statistics
Forums45
Topics46,767
Posts81,937
Average Daily Posts10
Members2,159
Most Online1,567
Apr 25th, 2010
Latest Postings
Top Posters(All Time)
UGN Security 39,931
Gremelin 7,195
§intå× 3,255
SilentRage 1,273
Ice 1,146
pergesu 1,136
Infinite 1,041
jonconley 955
Girlie 908
unreal 860
Top Liked Users (All Time)
§intå× Likes: 1
Cold Sunn Likes: 1
Crime Likes: 1
Cyrez Likes: 1
Ghost Likes: 1
Gremelin Likes: 4
Ice Likes: 1
unreal Likes: 1
Top Liked Users (30 Days)
Powered by UBB.threads™ PHP Forum Software 7.6.0
(Snapshot build 20160902)