
Security for All

Sûnnet Beskerming is a company with a focus and a drive to provide Information Security services for all those who want to stay safe and secure in an online world.


PHP - Remote hacker automatic control

Version: 5.2.2 and prior.
Technical Details:

PHP have released version 5.2.3 of the PHP scripting language, providing a number of security-related fixes for integer overflows in chunk_split(), infinite loop vulnerabilities in imagecreatefrompng(), email validation vulnerabilities and a safe_mode bypass, along with improved fixes for database support. The release also adds some functionality to the base set, and a number of other security-related patches are included.

Description:

The PHP development team have released version 5.2.3 of the scripting language. It includes a number of key security fixes, among them patches for vulnerabilities that could allow an attacker to take complete control of the system that PHP is running on. Noted PHP security researcher Stefan Esser has claimed that there are still known vulnerabilities outstanding.

Mitigation:

Apply version 5.2.3 of PHP at the earliest opportunity.

Updates:

http://www.php.net/downloads.php#v5

Source:

http://www.php.net/releases/5_2_3.php

Exploits:

MOPB

External Tracking Data:

CVE-ID: CVE-2007-1887
CVE-ID: CVE-2007-2872
CVE-ID: CVE-2007-1900
CVE-ID: CVE-2007-2756

