Major security hole in PHP

By Derek Sooman on December 21, 2004, 3:07 PM
It looks like PHP has a nasty bug, and one that can cause some potentially wicked problems with unwanted database access. It's been discovered that PHP versions prior to 4.3.10 or 5.0.3 have flaws in the way that serialisation and realpath commands are handled, which can be abused to gain escalated privileges. The result is that many web administrators are suffering problems from hackers. Fortunately, the problem has now been fixed.

The solution to the exploit is to upgrade to the latest version of PHP, either 4.3.10 or 5.0.3, depending on which branch you are running. The 4.3.10 build also includes some 5.x bugfixes and features which have been backported.



