Skip to page content or Skip to Accesskey List.


Main Page Content

Php Vulnerability Discovered

Rated 3.89 (Ratings: 0)

Want more?

  • More articles in News
Picture of MartinB

Martin Burns

Member info

User since: 26 Apr 1999

Articles written: 143

Versions of PHP before 4.2.0 have been discovered to have allow an attacker to break into and run code on the server using multipart/form-data POST requests, often used to support file uploads

The bugs are in versions between 3.10 to 4.1.1, and are a mixture of broken boundary checks and heap overflows, with a some being easily exploitable

There are exploitable bugs on most platforms, including Linux, Solaris, x86 and BSD variants (which I assume includes Mac OS X). The greatest number of bugs affect Linux and Solaris.

The recommended fix is to upgrade to version 4.1.2

More info at CERT®

An earlier version of this article unforgivably broke the rights of Stefan Esser, for which I deeply apologise

Martin Burns has been doing this stuff since Netscape 1.0 days. Starting with the communication ends that online media support, he moved back through design, HTML and server-side code. Then he got into running the whole show. These days he's working for these people as a Project Manager, and still thinks (nearly 6 years on) it's a hell of a lot better than working for a dot-com. In his Copious Free Time™, he helps out running a Cloth Nappies online store.

Amongst his favourite things is ZopeDrupal, which he uses to run his personal site. He's starting to (re)gain a sneaking regard for ECMAscript since the arrival of unobtrusive scripting.

He's been a member of since the very early days, a board member, a president, a writer and even contributed a modest amount of template code for the current site. Above all, he likes to do things because it knowingly chooses to do so, rather than randomly stumbling into them. He's also one of the boys and girls who beervolts in the UK, although the arrival of small children in his life have knocked the frequency for 6.

Most likely to ask: Why would a client pay you to do that?

Least likely to ask: Why isn't that navigation frame in Flash?

The access keys for this page are: ALT (Control on a Mac) plus: is an all-volunteer resource for web developers made up of a discussion list, a browser archive, and member-submitted articles. This article is the property of its author, please do not redistribute or use elsewhere without checking with the author.