TechTarget

Large security holes found in PHP

The PHP development team has released an update for the widely used scripting language that fixes a number of serious bugs,...

The PHP development team has released an update for the widely used scripting language that fixes a number of serious bugs, according to the project and independent security researchers.

The developers warned that users should update to PHP 4.3.10 immediately, since some of the bugs are relatively easy to exploit.

Stefan Esser of the Hardened PHP Project, which discovered the most serious flaws during development of security add-ons for PHP, said the bugs range "from buffer overflows, to information leak vulnerabilities and path truncation vulnerabilities, to safe-mode restriction bypass vulnerabilities".

The most immediately dangerous flaws can allow attackers to execute malicious code on a system. The Hardened-PHP patch makes some of the exploits ineffective.

Attackers could make use of some of the vulnerabilities to retrieve secret data from the "Apache" web server process, bypass security restrictions and gain escalated privileges, Esser said.

The PHP update also fixes more than 30 non critical bugs, developers said.

PHP is one of the most commonly used scripting languages on the Internet, and is often embedded in HTML pages.

Matthew Broersma writes for Techworld.com

CW+

Features

Enjoy the benefits of CW+ membership, learn more and join.

This Content Component encountered an error

1 comment

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchCIO

SearchSecurity

SearchNetworking

SearchDataCenter

SearchDataManagement

Close