
How much is PHP susceptible to buffer Overflow attacks


They have: 317 posts

Joined: Feb 2005

I have heard that PHP is susceptible to buffer overflow attacks - is this true or is it due to insecure PHP versions?

Would the latest PHP 5 version be susceptible to this type of attack?

Greg K
Moderator

He has: 1,664 posts

Joined: Nov 2003

This article was released recently: http://www.frsirt.com/english/advisories/2008/1412

A little older, and it says to upgrade to a newer version to fix it: http://secunia.com/advisories/22653/

Older article, but from http://www.linuxdevcenter.com/pub/a/linux/2002/12/30/insecurities.html

PHP's wordwrap() function has a buffer overflow that may be exploitable to execute arbitrary code with the permissions of the user running the script. The buffer overflow is reported to affect versions of PHP between 4.1.2 and 4.3.0. Scripts that do not contain the wordwrap() function call are not affected by this buffer overflow.

Affected users should upgrade to version 4.3.0 of PHP.

-Greg

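The advisory quoted in the post above gives two conditions for exposure: a PHP version between 4.1.2 and 4.3.0, and a script that actually calls wordwrap(). The following added example (not part of the thread, the advisory or PHP itself) checks both for a script under audit; the function names, the sample script and the 4.2.3 target version are constructed for illustration, and 4.3.0 is assumed to be the first fixed version because the advisory names it as the upgrade.

```php
<?php
// Added example, not code from the thread. Version bounds come from the quoted advisory;
// treating 4.3.0 as exclusive is an assumption (the advisory names it as the fix).
function version_is_affected(string $v): bool
{
    return version_compare($v, '4.1.2', '>=') && version_compare($v, '4.3.0', '<');
}

// Nearest token before ($step = -1) or after ($step = 1) $i, skipping whitespace and comments.
function neighbor(array $tokens, int $i, int $step)
{
    for ($i += $step; isset($tokens[$i]); $i += $step) {
        $t = $tokens[$i];
        if (!is_array($t) || !in_array($t[0], [T_WHITESPACE, T_COMMENT, T_DOC_COMMENT], true)) {
            return $t;
        }
    }
    return null;
}

// Line numbers of plain wordwrap() calls; comments, strings, methods and declarations are skipped.
function find_wordwrap_calls(string $source): array
{
    $lines = [];
    $tokens = token_get_all($source);
    foreach ($tokens as $i => $tok) {
        if (!is_array($tok) || $tok[0] !== T_STRING || strcasecmp($tok[1], 'wordwrap') !== 0) {
            continue;
        }
        $prev = neighbor($tokens, $i, -1);
        $other = is_array($prev) && in_array($prev[0], [T_OBJECT_OPERATOR, T_DOUBLE_COLON, T_FUNCTION], true);
        if (!$other && neighbor($tokens, $i, 1) === '(') {
            $lines[] = $tok[2];
        }
    }
    return $lines;
}

// Constructed sample: a small legacy script and the PHP version it is deployed on.
$sample = <<<'SRC'
<?php
// wordwrap() appears here only in a comment
echo "and wordwrap() here only in a string";
$out = wordwrap($body, 75, "\n", 1);
$mailer->wordwrap($body);
SRC;
$target = $argv[1] ?? '4.2.3';
printf("PHP %s in affected range: %s; wordwrap() calls on lines: %s\n", $target,
    version_is_affected($target) ? 'yes' : 'no', implode(', ', find_wordwrap_calls($sample)) ?: 'none');
```

The scanner runs on a current PHP CLI against a copy of the legacy source, with the deployed version passed as the first argument; it only matches unqualified calls, which is how code written for PHP 4 would call the function.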

They have: 317 posts

Joined: Feb 2005

Your link does not work - so it is just version? PHP5 does not have any of these flaws.

Very Good.

Greg K
Moderator

He has: 1,664 posts

Joined: Nov 2003

There was one in an older version of 5, but it said to upgrade to 5.20 to fix it.

-Greg