PHPDeveloper.org: SecurityReason: Three Advisories for PHP 5.2.4 (dl, iconv_substr & setlocale)

	News Feed
	Jobs Feed

Sections

Tutorials

Books

Events

Talks

Jobs

Recent Jobs

Job Posting: TEKSystems (Recruiter) Seeks PHP Web Application Developers (Tampa, FL)

Job Posting: Quinstreet, Inc. Seeks Sr. PHP Developer (Foster City, CA)

Job Posting: WideEye Interactive/Moroch Advertising Seeks Web Developer (Dallas, TX)

Job Posting: Project People Ltd (Recruiter) Seeks PHP Developer (Paris, France)

Job Posting: Snelling (Recruiter) Seeks Web Programmer (Boston, MA)

Job Posting: Veedow Seeks Senior PHP Developer/Architect (London, UK)

Job Posting: Apex Systems (Recruiter) Seeks PHP Web Developers (Tampa, FL)

Job Posting: WordStream Seeks Web Application Developer (Needham, MA)

Job Posting: JS Creative Seeks Web Developer (Atlanta, GA)

Job Posting: Kodak Graphic Communications Group Seeks PHP Application Developer (Stamford, CT)

News Archive

Till's Blog: ZendFramework (performance) II

Sebastian Bergmann's Blog: Freezing and Thawing PHP Objects

Jani Hartikainen's Blog: NetBeans 6.5 review (with PHP support)

Rob Allen's Blog: File uploads with Zend_Form_Element_File

PHPro.org: Calculate Friday The 13th With Datetime Class

Marco Tabini's Blog: It turns out, I was wrong

Community News: Latest PEAR Releases for 12.01.2008

Site News: Job Postings for the week of 11.23.2008

KillerPHP.com: Creating a Wordpress Theme from Scratch (Video)

Chris Hartjes' Blog: Handling Multiple Environments In Your PHP Application

SecurityReason:
Three Advisories for PHP 5.2.4 (dl, iconv_substr & setlocale)

by Chris Cornutt September 13, 2007 @ 09:33:00

The SecurityReason website has three new advisories posted concerning the latest release in the PHP 5 series:

PHP 5.2.4 <= dl() open_basedir_bypass&code exec&dos - input for the dl() function is not handled correctly and can lead to arbitrary code being loaded and executed
PHP <=5.2.4 iconv_substr() denial of service - memory limit issue can be used in a DoS attack
PHP < 5.2.4 setlocale() denial of service - memory limit issue can be used for a DoS attack

The dl() overflow is marked as a medium threat (largely because it allows for arbitrary code execution) but the other two are shown as low threat. A patch is also given for the dl() issue to help correct the problem.

0 comments voice your opinion now!
php5 advisory dl iconv_substr setlocale medium low php5 advisory dl iconv_substr setlocale medium low

Similar Posts

Brainbench.com: Free PHP5 Certification Exam

DevShed: An Introduction to Building Proxy Classes with PHP 5

Jeff Moore's Blog: PHP as a Deployment Platform

IBM developerWorks: Going dynamic with PHP

Job Posting: Open Source Staffing Seeks a PHP5 Developer (New York, NY)

Community Events

Don't see your event here?
Let us know!

All content copyright, 2008 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework