Slashdot Mirror

← Back to Stories (view on slashdot.org)

PHP Vulnerability Announced

Posted by krow on from the who-would-have-thunk-it dept.

corz writes "Just when you thought you were finished upgrading the webserver, 'The PHP Group has learned of a serious security vulnerability in PHP versions 4.2.0 and 4.2.1. An intruder may be able to execute arbitrary code with the privileges of the web server. This vulnerability may be exploited to compromise the web server and, under certain conditions, to gain privileged access.' Here's the bugtraq announcement." The hole is in the parsing of HTTP POST headers and can allow arbitrary code to be run on vulnerable machines. PHP thoughtfully decided to release a new version, 4.2.2, today with the fix. You can find a copy of it here (mirror).

3 of 47 comments (clear)

  1. www.php.net/downloads.php by mnordstr · · Score: 3, Funny

    Parse error: parse error, unexpected T_SL in /local/Web/sites/phpweb/downloads.php on line 81

    Huh??! Bad karma ;)

  2. 420 makes you vulnerable! by Thing+1 · · Score: 3, Funny
    The PHP Group has learned of a serious security vulnerability in PHP versions 4.2.0 and 4.2.1.

    I can understand a certain amount of vulnerability after 420...

    --
    I feel fantastic, and I'm still alive.
  3. X86 Linux? by Chuck+Chunder · · Score: 3, Funny

    According to the announcements the only thing the vulnerability can do is cause your webserver to crash.

    --
    Boffoonery - downloadable Comedy Benefit for Bletchley Park