News Feed
Jobs Feed
Sections




News Archive
PHPBuilder.com:
Two PHP 5 Security Flaws Found
by Chris Cornutt July 04, 2012 @ 21:04:33

As reported in this new post on PHPBuilder.com, there are two new security issues that could allow an attacker to execute their own code (note: these are fixed by the latest releases, PHP 5.4.4 and PHP 5.3.14).

The flaws are related to each other, with the primary issue being an insecure implementation of the DES within the crypt() function. In his eSecurityPlanet article about recent PHP security updates, Sean Michael Kerner provides the details of these two security flaws.

The issue stems from a flaw in the DES implementation where certain keys are truncated before the DES digestion and a problem in the phar extension that could allow for arbitrary code execution. You can find more on these security issues here.

0 comments voice your opinion now!
security issue des phar extension upgrade


blog comments powered by Disqus

Similar Posts

Web & PHP Magazine: Issue #6 Published - "Breaking New Ground"

NETTUTS.com: Can You Hack Your Own Site? A Look at Some Essential Security Considerations

php|architect: February 2006 Issue Released

Padraic Brady's Blog: Zend Framework Security Related Releases Now Available

Christopher Jones' Blog: Statement caching bug fix to improve performance of OCI8 extension


 Community Events









Don't see your event here?
Let us know!

phpunit composer community testing tool framework api interview introduction code development database release example unittest opinion podcast object language zendframework2

All content copyright, 2013 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework