News Feed
Sections




News Archive
Looking for more information on how to do PHP the right way? Check out PHP: The Right Way

PHP Security Blog:
Critical PHP Vulnerability Finally Fixed
August 07, 2006 @ 05:53:23

On the PHP Security Blog today, this note has been posted, a notification that a critical vulnerability has finally been fixed - the unset() issue.

Because there are meanwhile a lot of rumours about this vulnerability in the underground and because the PHP 4.4.3 release announcement does not mention this critical hole at all I wrote up a little article about it, which you can read here.

The article (from Hardened PHP) describes the issue - a problem in the hash tables of the Zend Engine, specifically the zend_hash_del_key_or_index function. The logic contained inside the function can find the wrong "bucket" of information and remove it. He also includes PHP code examples that show the issue in action.

To be protected, it's recommended to update to the latest versions of PHP that have been released - 4.4.3 and 5.1.4.

0 comments voice your opinion now!
critical vulnerability fix unset zend_hash_del_key_or_index function zend engine critical vulnerability fix unset zend_hash_del_key_or_index function zend engine


blog comments powered by Disqus

Similar Posts

Gennady Feldman's Blog: Leveraging Oracle connection metadata functionality

Dikini.net: Poor man's macro programming in php

phpRiot.com: Creating a fulltext search engine with the Zend Framework\'s Zend_Search_Lucene

PHPClasses.org: 10 Steps to properly do PHP Bug Tracking and Fixing as Fast as possible

Sjon.Blog: Protecting your property (PHP Encryption)


Community Events





Don't see your event here?
Let us know!


symfony2 release opinion language podcast unittest testing laravel threedevsandamaybe developer code experience framework introduction interview community install list series refactor

All content copyright, 2014 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework