
PHP 5.3.10 has fixed critical remote code execution vulnerability

February 4, 2012

The PHP Group released PHP 5.3.10 on Thursday in order to address a critical security flaw that can be exploited to execute arbitrary code on servers running an older version of the Web development platform.

The vulnerability is identified as CVE-2012-0830 and was discovered by Stefan Esser, an independent security consultant and creator of the popular Suhosin security extension for PHP.

SecurityFocus classifies the issue as a design error because it was accidentally introduced while fixing a separate denial-of-service (DoS) vulnerability in early January.

That vulnerability is known as CVE-2011-4885 and was disclosed in December 2011 at the Chaos Communication Congress by security researchers Alexander Klink and Julian Wälde.

It affects a number of Web development platforms including PHP, ASP.NET, Java and Python and can be exploited in a so-called hash collision attack. The PHP development team addressed CVE-2011-4885 in PHP 5.3.9, which was released on Jan. 10.

“The fix for the hash collision DoS introduced a new directive (max_input_vars) to limit the number of accepted input variables,” said Carsten Eiram, chief security specialist at vulnerability research firm Secunia.

“However, due to a logic error in the “php_register_variable_ex()” function in php_variables.c, certain cases are not handled correctly when the number of supplied variables is bigger than the imposed limit,” he explained.

This error can be exploited by attackers to remotely execute arbitrary code on a system that runs a vulnerable PHP installation. PHP 5.3.9, along with any older versions to which the hash collision DoS patch was backported, are affected, Eiram said.

Proof-of-concept code that exploits this vulnerability has already been published online, so the likelihood of attacks targeting CVE-2012-0830 is high. Web server administrators are advised to upgrade to PHP 5.3.10 immediately.
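Until the upgrade is in place, requests that carry more input variables than max_input_vars allows can be flagged in request logs, since that is the condition Eiram describes as mishandled. The following is an added example, not code from the article or from the PHP project; the record field names and sample data are constructed assumptions, and 1000 is PHP's default for the directive.

```python
from urllib.parse import urlsplit

MAX_INPUT_VARS = 1000  # PHP's default value for the max_input_vars directive
FORM = "application/x-www-form-urlencoded"


def count_vars(encoded, sep="&"):
    """Count non-empty parameters in a urlencoded string or Cookie header.

    Approximation: PHP's own count can differ for nested array names.
    """
    return sum(1 for part in encoded.split(sep) if part.strip())


def over_limit(request, limit=MAX_INPUT_VARS):
    """Return the input sources (GET/POST/COOKIE) that exceed the limit.

    PHP applies max_input_vars to each source separately, so count separately.
    """
    counts = {"GET": count_vars(urlsplit(request["url"]).query)}
    if request.get("content_type", "").startswith(FORM):
        counts["POST"] = count_vars(request.get("body", ""))
    counts["COOKIE"] = count_vars(request.get("cookie", ""), sep=";")
    return [src for src, n in counts.items() if n > limit]


def scan(requests, limit=MAX_INPUT_VARS):
    """Return (client, path, sources) for every request over the limit."""
    hits = []
    for req in requests:
        sources = over_limit(req, limit)
        if sources:
            hits.append((req["client"], urlsplit(req["url"]).path, sources))
    return hits


# Constructed sample records (not real traffic); the field names are assumptions.
SAMPLE = [
    {"client": "192.0.2.10", "url": "/login.php?next=/home",
     "content_type": FORM, "body": "user=alice&pass=x", "cookie": "sid=abc; lang=en"},
    {"client": "192.0.2.66", "url": "/form.php",
     "content_type": FORM, "body": "&".join(f"f{i}=1" for i in range(1001))},
    {"client": "192.0.2.77", "content_type": "", "body": "",
     "url": "/s.php?" + "&".join(f"q{i}=" for i in range(1500))},
]

if __name__ == "__main__":
    for client, path, sources in scan(SAMPLE):
        print(f"{client} {path} exceeds max_input_vars in {', '.join(sources)}")
```

A hit means only that the request exceeds the configured limit; it still needs review before being treated as an attack.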
