News Feed
Sections




News Archive
Looking for more information on how to do PHP the right way? Check out PHP: The Right Way

Stefan Esser's Blog:
PHP 4 - Reference Counter Overflow Fix
May 21, 2007 @ 08:47:00

Stefan Esser has a new post mentioning a new patch that he's created to help correct an issue with the ZVAL Reference Counter that could cause a buffer overflow in an application.

When a PHP application is run in PHP 4 it can overflow the variable reference counter because it is only 16 bit wide. Whenever this happens it will result in a double destruction of the underlying variable. A local attacker can easily create PHP code that uses such a double destruction to execute arbitrary code within the process executing PHP (e.g. webserver process). This allows bypassing restrictions enforced by disable_functions, open_basedir, SAFE_MODE or to launch direct local root exploits against the target system.

The patch [tar.gz] fixes the issue and keeps from breaking anything from the past (backwards compatibility). You can either grab it now and apply it to your distribution (the sooner the better) or wait until it gets merged into the PHP CVS version and released with the next bug fix release.

0 comments voice your opinion now!
reference counter overflow patch fix php4 reference counter overflow patch fix php4


blog comments powered by Disqus

Similar Posts

Arnold Daniels' Blog: Wrong PHP prediction: you donít need to patch PHP to run multiple versions

Gennady Feldman's Blog: Migration to PHP5 links and articles

Ilia Alshanetsky's Blog: Filter Extension Revamped (and PHP 5.2 news)

Wez Furlong\'s Blog: Calling SQLBindParameter and avoiding a datetime overflow.

Pierre-Alain Joye's Blog: Zip 1.8.7, safemode and open_basedir fixes


Community Events





Don't see your event here?
Let us know!


voicesoftheelephpant release framework deployment community bugfix tips library series laravel introduction podcast list developer symfony opinion interview language zendserver api

All content copyright, 2014 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework