The Month of PHP Bugs: intermediate results
Thirteen holes in seven days: this is the current status of the Month of PHP Bugs (MOPB). So far, however, MOPB has more of a documentary flavour, since the initiators mostly publish information on bugs that have already been fixed. While in contrast to the other Month-of-X projects, MOPB does not come up with surprising news, users have the advantage of having to deal with only a few bugs for which no patches have yet been released; concerns that the MOPB would damage rather than serve the project, seem to be needless.
Since our last news on the MOPB, the project has disclosed a security advisory on holes in the PHP-4 extension Ovrimos, which allow code execution on a system, and also an advisory on a bug in the Apache module mod_security, which allows hackers to fool the filter. Since mod_security is not part of PHP, but only used together with PHP, the initiators have marked this advisory as a "BONUS". Another advisory informs on bugs during the deserialisation of session information in WDDX and php_binary, which may be exploited to spy out information.
However, another bug in the current PHP version 4.4.6 has not been published by the MOPB: a buffer overflow in the functions mssql_connect and mssql_pconnect may be exploited to manipulate the stack. An exploit has already been published; according to reports, this bug may cause the web server to crash.
- the Month of PHP Bugs, MOPB project site
- HP <= 4.4.6 mssql_connect() & mssql_pconnect() local buffer overflow, report by retrogod