In association with heise online

18 August 2006, 12:43

New PHP versions plug security vulnerabilities


With the release of PHP versions 4.4.4 and 5.1.5, the PHP developers have plugged security vulnerabilities in the scripting language. Attackers could potentially exploit these vulnerabilities to carry out denial of service attacks against vulnerable systems or to plant malicious software on them.

The new versions fix a bug in the way safe_mode/open_basedir is checked in the error_log(), file_exists(), imap_open() and imap_reopen() functions. They also fix overflows in the str_repeat() and wordwrap() functions on 64-bit systems. An overflow can occur in the GD extension in all versions. The cURL extension permits an attacker to bypass the open_basedir/safe_mode restrictions. In version 5.x, the bug also affects the realpath cache.

The sscanf() function also contains a buffer which can overflow. With version 5.1.5 an out-of-bounds read access is possible in stripos(). The PHP programmers have also fixed a bug in the way memory_limit is handled on 64-bit systems.

The fixed bugs are sure to be exploited by attackers in the near future. Users of PHP under Windows should therefore install the new versions as soon as possible. Linux distributors will probably also supply new packages shortly. Users who don't want to wait that long can compile PHP themselves using the current source code packages from the PHP website.
