PHPDeveloper.org: Stefan Esser's Blog: PHP 4 - Reference Counter Overflow Fix

	News Feed
	Jobs Feed

Sections

Tutorials

Books

Events

Talks

Jobs

Recent Jobs

Job Posting: Chegg Seeks Senior PHP Developer (Santa Clara, CA)

Job Posting: TEKSystems (Recruiter) Seeks PHP Web Application Developers (Tampa, FL)

Job Posting: Quinstreet, Inc. Seeks Sr. PHP Developer (Foster City, CA)

Job Posting: WideEye Interactive/Moroch Advertising Seeks Web Developer (Dallas, TX)

Job Posting: Project People Ltd (Recruiter) Seeks PHP Developer (Paris, France)

Job Posting: Snelling (Recruiter) Seeks Web Programmer (Boston, MA)

Job Posting: Veedow Seeks Senior PHP Developer/Architect (London, UK)

Job Posting: Apex Systems (Recruiter) Seeks PHP Web Developers (Tampa, FL)

Job Posting: WordStream Seeks Web Application Developer (Needham, MA)

Job Posting: JS Creative Seeks Web Developer (Atlanta, GA)

News Archive

Andre Liem's Blog: 5 tips and tools to optimize your php application - Part 1 simple

Job Posting: Chegg Seeks Senior PHP Developer (Santa Clara, CA)

Robert Basic's Blog: MyUrl view helper for Zend Framework

Laknath Semage's Blog: PHP + Large files

NETTUTS.com: Mimicking Apple's Address Book for the Web

Martynas Jusevicius' Blog: Method overloading in PHP 5

DevShed: Authentication Scripts for a User Management Application

Community News: PHP Advent 2008

Ibuildings Blog: Zend_Paginator: First Impressions

Community News: Latest PECL Releases for 12.02.2008

Stefan Esser's Blog:
PHP 4 - Reference Counter Overflow Fix

by Chris Cornutt May 21, 2007 @ 08:47:00

Stefan Esser has a new post mentioning a new patch that he's created to help correct an issue with the ZVAL Reference Counter that could cause a buffer overflow in an application.

When a PHP application is run in PHP 4 it can overflow the variable reference counter because it is only 16 bit wide. Whenever this happens it will result in a double destruction of the underlying variable. A local attacker can easily create PHP code that uses such a double destruction to execute arbitrary code within the process executing PHP (e.g. webserver process). This allows bypassing restrictions enforced by disable_functions, open_basedir, SAFE_MODE or to launch direct local root exploits against the target system.

The patch [tar.gz] fixes the issue and keeps from breaking anything from the past (backwards compatibility). You can either grab it now and apply it to your distribution (the sooner the better) or wait until it gets merged into the PHP CVS version and released with the next bug fix release.

0 comments voice your opinion now!
reference counter overflow patch fix php4 reference counter overflow patch fix php4

Similar Posts

Developer Tutorials Blog: And the winner of the most important security tip competition is...

Sebastian Bergmann\'s Blog: PHP - kurz & gut (Pocket Reference Update)

CorePHP Blog: A Guide to running Apache 2, PHP 4 & PHP 5 on Windows XP

PHP Security Blog: Hardening-Patch 0.4.6 for PHP released

Wez Furlong\'s Blog: Calling SQLBindParameter and avoiding a datetime overflow.

Community Events

Don't see your event here?
Let us know!

All content copyright, 2008 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework