Serious PHP flaw found

Hackers in the libraries

By Nick Farrell

Thursday, 25 August 2005, 17:04

SECURITY BOFFINS have found a critical vulnerability in two PHP libraries that are used to provide web services and content management systems.

PHP, is one of the most widely used scripting language on the web and the flaws are in the XML-RPC for PHP and PEAR XML-RPC libraries.

Similar flaws were discovered in July and prompted an audit of the libraries by the Hardened-PHP Project, a group that was founded to protect PHP users and servers against security holes.

According to the Projects advisory here, the new flaw takes advantage of a technique similar to the earlier vulnerabilities, which involved eval() statements.

"To get rid of this and future eval() injection vulnerabilities, the Hardened-PHP Project has developed, together with the maintainers of both libraries, a fix that completely eliminates the use of eval() from the library", the report said.

Linux distributiors such as Red Hat and Gentoo have already issued patches, but perhaps the biggest problem will be for those who have used content management systems are built using PHP, such as PostNuke, Drupal, b2evolution and TikiWiki.

Microsoft tells users how to prevent IE zero day attacks Fire in the Vole! Friday, 12 December 2008, 15:01 PM Read more	Ruby on Rails flaw is found and fixed Goodbye Ruby bluesday Friday, 4 September 2009, 13:40 PM Read more
Javascript debugging Three ways to edit and debug Javascript code Friday, 7 August 2009, 10:14 AM Read more	Opera releases Unite tool Cool if you don't mind gaping security flaws Tuesday, 16 June 2009, 18:00 PM Read more
Cost of building a social network site drops to near zero First $500 copycats, now Open Source catches up Monday, 2 February 2009, 18:42 PM Read more	Most web apps are broken High quality, we've heard of it Tuesday, 10 November 2009, 11:42 AM Read more

Comments

There are no comments submitted yet. Do you have an interesting opinion? Then be the first to post a comment.

Most read
Most commented
Most popular

INQ Whitepapers

Will you be buying a new computer this Christmas?

Yes, a new computer will be under the tree

Yes, a netbook will fit my stocking nicely

No, but will be upgrading some components / building my own

No, my computer works fine if I change the oil often enough

Bah humbug, I'll wait for the January sales to decide

View other polls

©Incisive Media Limited, Haymarket House, 28-29 Haymarket, London SW1Y 4RX, is a company registered in the United Kingdom with company registration number 04038503

SEARCH :

Site Credentials:

Business & Technology websites:

Business research resources:

Products:

Investment Market IT websites:

Find out what you are worth:

Search for a job:

Recruitment Agency A-Z Directory: All
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Serious PHP flaw found

Share this:

Business Intelligence Software

Customer Relationship Management (CRM)

Enterprise Accounting Software

Enterprise Resource Planning (ERP)

Enterprise Systems Management

C DEVELOPER - OO DESIGN PA

C Java banking Finance Deve...

Read more

AUDIT - RISK ANALYST - MAR

Audit Risk Governance Marke...

Read more

IT/Report Presentation Spe

Leading Research Consultanc...

Read more

Senior Software Engineer C

My Client now needs a Senio...

Read more

IT Support Technician - 30

WORKING FOR A FIRM OF SOLIC...

Read more