Jaslabs: High performance Software


Is your website secure?

By Justin Silverton

March is the month of PHP bugs. The following are five of the latest bugs found within PHP.

  • PHP header() Space Trimming Buffer Underflow Vulnerability: When the header() function is called with an all-whitespace string, a buffer underflow can be triggered that allows code execution on big endian systems (e.g. MacOS X on PPC, Solaris on SPARC). MOPB-25-2007.php

  • PHP array_user_key_compare() Double DTOR Vulnerability (U): When the userspace key comparison function returns, its parameters are destructed even if there are references left. Therefore an exploitable double DTOR can be triggered. MOPB-24-2007.php

  • PHP 5 Rejected Session Identifier Double Free Vulnerability (U): When a session storage module rejects a session id, the session code fails to clear an already freed pointer before calling an interruptible function. This can lead to an exploitable double free. MOPB-23-2007.php

  • PHP session_regenerate_id() Double Free Vulnerability (U): session_regenerate_id() fails to clear an already freed pointer before calling an interruptible function. This can lead to an exploitable double free. MOPB-22-2007.php

  • PHP compress.bzip2:// URL Wrapper safemode and open_basedir Bypass Vulnerability (U): The compress.bzip2:// URL Wrapper does not perform safemode or open_basedir checks and therefore allows access to archives outside the allowed area. Not needed.
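The two session double-free entries above share one pattern: a freed pointer is left in place across a call that can be interrupted. The C model below is an added example, not PHP source and not code from the original post; `session_t`, `tracked_free` and the other names are hypothetical, and a counting allocator stands in for the real heap so the second release is counted rather than executed.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Tracking allocator (constructed for this example): it counts releases of one
   buffer instead of really freeing it twice, so the bug is observable safely. */
static char *live_buf;
static int release_count;

static char *tracked_alloc(const char *s) {
    free(live_buf);                       /* drop the buffer of a previous run */
    live_buf = malloc(strlen(s) + 1);
    if (live_buf) strcpy(live_buf, s);
    release_count = 0;
    return live_buf;
}
static void tracked_free(char *p) {
    if (p != NULL && p == live_buf) release_count++;   /* 2 = double free */
}

typedef struct { char *id; } session_t;   /* hypothetical session state */
typedef void (*call_fn)(session_t *);
/* Cleanup path reached when the interruptible call bails out. */
static void session_cleanup(session_t *s) { tracked_free(s->id); s->id = NULL; }

/* Vulnerable order: the freed pointer is still stored in s->id during the call. */
static int regenerate_vulnerable(session_t *s, call_fn interruptible) {
    tracked_free(s->id);
    interruptible(s);                     /* cleanup sees the stale pointer */
    return release_count;
}
/* Fixed order: clear the pointer before anything that can be interrupted. */
static int regenerate_fixed(session_t *s, call_fn interruptible) {
    tracked_free(s->id);
    s->id = NULL;
    interruptible(s);                     /* cleanup now gets NULL: a no-op */
    return release_count;
}

/* Returns how many times the constructed session id was released. */
int demo(int fixed) {
    session_t s = { tracked_alloc("constructed-session-id") };
    return fixed ? regenerate_fixed(&s, session_cleanup)
                 : regenerate_vulnerable(&s, session_cleanup);
}
int main(void) {
    printf("vulnerable: %d, fixed: %d releases\n", demo(0), demo(1));
    return 0;
}
```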

More security issues can be found here

It is important to update your PHP installation when new versions and bug fixes are released. There is also a project called Suhosin (which is part of the Hardened-PHP Project), which can help protect against known and unknown security risks.

More about Suhosin:

It is an advanced protection system for PHP installations. It was designed to protect servers and users from known and unknown flaws in PHP applications and the PHP core. Suhosin comes in two independent parts that can be used separately or in combination. The first part is a small patch against the PHP core that implements a few low-level protections against buffer overflows or format string vulnerabilities, and the second part is a powerful PHP extension that implements all the other protections.

Information and download of this can be found here


1 Comment so far

  1. […] In the spirit of the Month of PHP Bugs going on right now (March 2007), Justin Silverton has spotlighted just a few of them in a new entry to the JSLabs blog today. […]
