Security Problems In Php!

Discussion in 'Gaming' started by MarkWLI, Dec 20, 2004.

  1. Dec 20, 2004 at 5:34 PM #1
    MarkWLI

    MarkWLI Guest

    Numerous security holes in the scriptlanguage PHP

    Because of a number of flaws in the scriptlanguage PHP, it's possible for an attacker to inject and execute his own code on a server. According to Stefan Esser, some of the 7 security holes can be used only with a valid user account while others open the possibility of attacks over a network.
    Esser found the bugs during the development of "Hardened-PHP" which adds security functions to the already known PHP code base.

    The function pack(), for example, "includes" an Integer Overflow through which someone can bypass the Safe Mode. Through a Integer Overflow in unpack(), it`s possible, in some cases, to read part of the memory, - for example the apache process. The function realpath() is also buggy - with pathnames that are too long someone can access any script (include).

    Most important are two bugs in unserialize(), that when combined let an attacker access unmapped memory as well as the injection and execution of code over the network. According to Esser only a specific string is needed. PHP-applications like phpBB2, Invision Board, vBulletin and many others are therefore vulnerable for attacks because they transfer Cookies over this function into their own format. Detailed information can be found in the original advisory.

    The problems can be found in PHP4 up to and including 4.3.9 and PHP5 up to and including 5.0.2 The PHP developers already offer new Versions in which many other bugs are removed.

    They urgently advise all users to install these updates.
    Now there is an "active" disscussion as to who found which bugs.
    Shortly after Essers Advisory, Martin Eiszner published his own claiming to be the one who found the unserialize() whole first.

    I hope that helps guys...

    I suggest you think twice before using PHP :P, use ASP!

    Links:
    http://www.hardened-php.net/advisories/012004.txt
    http://de.php.net/unserialize
    http://www.php.net/downloads.php
    http://www.derkeiler.com/Mailing-Lists/sec...04-12/0182.html
     
  2. Dec 21, 2004 at 12:38 AM #2
    dudeqz

    dudeqz Well-Known Member

    Posts:
    60
    Likes Received:
    0
    Joined:
    Dec 21, 2004
    IS THIS LIKE AN ADVERTISEMENT?
     
  3. Dec 21, 2004 at 3:33 PM #3
    MarkWLI

    MarkWLI Guest

    Thats not an advertisement, its a warning to have people pressure their hosts to upgrade their versions of PHP
     
  4. Dec 21, 2004 at 3:36 PM #4
    .:Pure:.

    .:Pure:. Well-Known Member

    Age:
    35
    Posts:
    168
    Likes Received:
    0
    Joined:
    Dec 16, 2004
    Location:
    Texas
    I use php and i never have a promblem but thanks for the info and besides im learning .asp which is harder than i though.
     

Share This Page