TechWorld.com - Servers running PHP are vulnerable to a number of serious security exploits, including some that could allow an attacker to execute malicious code, as well as denial-of-service exploits, according to the PHP Group.
The project has issued updates fixing the bugs, available from the PHP Web site and directly from various operating system vendors. "All Users of PHP are strongly encouraged to upgrade to this release," the PHP Group said in its advisory.
PHP, an open-source programming language mainly for server-side applications, runs on server operating systems such as Linux, Unix, Mac OS X and Windows.
Several of the flaws were discovered in PHP's EXIF module, which handles the Exchangeable Image File Format (EXIF) metadata written by digital cameras. A bug in the module's exif_process_IFD_TAG() function could be exploited by a specially crafted "Image File Directory" (IFD) tag to cause a buffer overflow and execute malicious code with the privileges of the PHP server, according to Mandriva, which issued its update yesterday.
A second EXIF module bug could lead to an infinite recursion, causing the executed program to crash.
Another flaw, first disclosed by iDefense, affects the "php_handle_iff()" and "php_handle_jpeg()" functions and could be exploited by a specially formed image to cause infinite loops and consume all available CPU resources, creating a denial of service. The PHP update fixes a number of other security flaws, mostly less serious, as well as non-security-related bugs.
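The two failure modes described above, a crafted IFD tag whose length field overruns a buffer and malformed structure that sends the parser into unbounded recursion or looping, are easiest to understand from a parser that explicitly checks for them. The following script is an added illustration written for this article; it is not code from the PHP project or from the affected EXIF module, and it does not reproduce the specific bugs. The tag numbers and data-type sizes follow the TIFF/EXIF specification; the sample blobs, the `MAX_IFD_DEPTH` and `MAX_IFD_COUNT` limits, and the `check_image` helper are constructed for the example.

```python
import struct

# Byte width of each TIFF/EXIF data type (1=BYTE, 2=ASCII, 3=SHORT, 4=LONG, 5=RATIONAL, ...)
TYPE_SIZES = {1: 1, 2: 1, 3: 2, 4: 4, 5: 8, 6: 1, 7: 1, 8: 2, 9: 4, 10: 8, 11: 4, 12: 8}
# Tags whose value is an offset to a nested IFD (Exif, GPS, Interoperability)
SUB_IFD_TAGS = {0x8769, 0x8825, 0xA005}
MAX_IFD_DEPTH = 4     # hard cap on nested-IFD recursion (example limit)
MAX_IFD_COUNT = 16    # hard cap on total IFDs visited; defeats pointer loops (example limit)


class ExifError(ValueError):
    """Raised for any structurally invalid or out-of-bounds EXIF data."""


def parse_tiff(data: bytes) -> dict:
    """Parse a TIFF/EXIF blob into {tag: raw_value_bytes}, rejecting anything that
    would read outside the buffer, recurse too deeply, or loop forever."""
    if len(data) < 8:
        raise ExifError("truncated TIFF header")
    endian = {b"II": "<", b"MM": ">"}.get(data[:2])
    if endian is None:
        raise ExifError("bad byte-order marker")
    magic, ifd0 = struct.unpack(endian + "HI", data[2:8])
    if magic != 42:
        raise ExifError("bad TIFF magic")

    tags = {}
    visited = set()

    def walk(offset: int, depth: int) -> None:
        while offset:
            if depth > MAX_IFD_DEPTH:
                raise ExifError("IFD nesting too deep")
            if offset in visited or len(visited) >= MAX_IFD_COUNT:
                raise ExifError("IFD pointer loop")
            visited.add(offset)
            if offset + 2 > len(data):
                raise ExifError("IFD entry count out of bounds")
            (count,) = struct.unpack(endian + "H", data[offset:offset + 2])
            end = offset + 2 + 12 * count          # every entry is exactly 12 bytes
            if end + 4 > len(data):                # entries plus the 4-byte next-IFD pointer
                raise ExifError("IFD entries out of bounds")
            for i in range(count):
                pos = offset + 2 + 12 * i
                tag, typ, n = struct.unpack(endian + "HHI", data[pos:pos + 8])
                size = TYPE_SIZES.get(typ)
                if size is None:
                    raise ExifError("unknown data type %d" % typ)
                total = size * n                   # untrusted: checked against the buffer below
                if total <= 4:
                    raw = data[pos + 8:pos + 8 + total]   # value stored inline
                else:
                    (voff,) = struct.unpack(endian + "I", data[pos + 8:pos + 12])
                    if voff + total > len(data):
                        raise ExifError("tag value out of bounds")
                    raw = data[voff:voff + total]
                tags[tag] = raw
                if tag in SUB_IFD_TAGS and typ == 4 and n == 1:
                    (sub,) = struct.unpack(endian + "I", raw)
                    walk(sub, depth + 1)           # bounded by MAX_IFD_DEPTH and visited
            (offset,) = struct.unpack(endian + "I", data[end:end + 4])

    walk(ifd0, 0)
    return tags


def check_image(data: bytes):
    """Return (True, number_of_tags) for a well-formed blob, (False, reason) otherwise."""
    try:
        return True, len(parse_tiff(data))
    except ExifError as exc:
        return False, str(exc)


# --- constructed sample inputs (little-endian TIFF, 64 bytes) ---
def _entry(tag, typ, count, value_field):
    return struct.pack("<HHI", tag, typ, count) + value_field


def build_sample() -> bytes:
    header = b"II" + struct.pack("<HI", 42, 8)             # IFD0 starts at offset 8
    ifd0 = struct.pack("<H", 2)
    ifd0 += _entry(0x0110, 2, 8, struct.pack("<I", 56))    # Model: 8-byte ASCII stored at offset 56
    ifd0 += _entry(0x8769, 4, 1, struct.pack("<I", 38))    # pointer to the Exif sub-IFD at offset 38
    ifd0 += struct.pack("<I", 0)                           # no next IFD
    exif = struct.pack("<H", 1) + _entry(0x9000, 7, 4, b"0220") + struct.pack("<I", 0)
    return header + ifd0 + exif + b"Model-X\x00"


def sample_oversized_count() -> bytes:
    # Same layout, but the Model entry claims 0xFFFFFFFF bytes: the kind of crafted
    # length field that overruns a fixed-size destination buffer in an unchecked parser
    good = build_sample()
    return good[:10] + _entry(0x0110, 2, 0xFFFFFFFF, struct.pack("<I", 56)) + good[22:]


def sample_ifd_loop() -> bytes:
    # Same layout, but the Exif sub-IFD's next-IFD pointer points back to IFD0
    good = build_sample()
    return good[:52] + struct.pack("<I", 8) + good[56:]


if __name__ == "__main__":
    for name, blob in [("good", build_sample()),
                       ("oversized count", sample_oversized_count()),
                       ("ifd loop", sample_ifd_loop())]:
        print(name, check_image(blob))
```

The three checks that matter are the ones a reader in 2006 would have wanted from the EXIF module: the `voff + total > len(data)` comparison rejects a length field that does not fit the buffer before any copy happens, the `visited` set stops a directory whose pointers form a cycle, and `MAX_IFD_DEPTH` bounds how far sub-IFD pointers may nest. All three are cheap and make the difference between a rejected file and a crashed or compromised process.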
Independent security firm Secunia originally gave the flaws a non-critical ranking, but later changed its rating to "highly critical" as more information came to light, the company said.
Updates are being distributed by Debian, Gentoo, SUSE and others.