Large security holes found in PHP

The PHP development team has released an update for the widely used scripting language that fixes a number of highly serious bugs, according to the project and independent security researchers.

The developers warned that users should update to PHP 4.3.10 immediately, since some of the bugs are relatively easy to exploit.

Stefan Esser of the Hardened PHP Project, which discovered the most serious flaws during development of security add-ons for PHP, said in an advisory the bugs range "from buffer overflows, to information leak vulnerabilities and path truncation vulnerabilities, to safe_mode restriction bypass vulnerabilities".

The most immediately dangerous flaws relate to PHP's variable unserialize(), which can allow attackers to execute malicious code on a system. "A lot of PHP applications expose the easy-to-exploit unserialize() vulnerability to remote attackers," Esser wrote. He noted that the Hardened-PHP patch makes some of the exploits ineffective.

Attackers could make use of some of the other vulnerabilities to retrieve secret data from the "apache" Web server process, bypass security restrictions and gain escalated privileges, Esser said.

Secunia, an independent security research firm based in Denmark, gave the flaws a "highly critical" rating. The PHP update also fixes more than 30 noncritical bugs, PHP developers said. A complete list of changes is available on the PHP website.

PHP is one of the most commonly used scripting languages on the Internet, and is often embedded in HTML pages.

Join the newsletter!

Or
Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Matthew Broersma

Techworld.com
Show Comments

Essentials

James Cook University - Master of Data Science Online Course

Learn more >

Mobile

Exec

Budget

Back To Business Guide

Click for more ›

Brand Post

Bitdefender 2018

Roam freely in the digital world. Critically acclaimed performance and security at your fingertips.

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Louise Coady

Brother MFC-L9570CDW Multifunction Printer

The printer was convenient, produced clear and vibrant images and was very easy to use

Edwina Hargreaves

WD My Cloud Home

I would recommend this device for families and small businesses who want one safe place to store all their important digital content and a way to easily share it with friends, family, business partners, or customers.

Walid Mikhael

Brother QL-820NWB Professional Label Printer

It’s easy to set up, it’s compact and quiet when printing and to top if off, the print quality is excellent. This is hands down the best printer I’ve used for printing labels.

Ben Ramsden

Sharp PN-40TC1 Huddle Board

Brainstorming, innovation, problem solving, and negotiation have all become much more productive and valuable if people can easily collaborate in real time with minimal friction.

Sarah Ieroianni

Brother QL-820NWB Professional Label Printer

The print quality also does not disappoint, it’s clear, bold, doesn’t smudge and the text is perfectly sized.

Ratchada Dunn

Sharp PN-40TC1 Huddle Board

The Huddle Board’s built in program; Sharp Touch Viewing software allows us to easily manipulate and edit our documents (jpegs and PDFs) all at the same time on the dashboard.

Featured Content

Product Launch Showcase

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?