How susceptible is PHP to buffer overflow attacks?

They have: 426 posts

Joined: Feb 2005

I have heard that PHP is susceptible to buffer overflow attacks - is this true or is it due to insecure PHP versions?

Would the latest PHP 5 version be susceptible to this type of attack?

Greg K

He has: 2,145 posts

Joined: Nov 2003

This article was released recently: http://www.frsirt.com/english/advisories/2008/1412

A little older, and says that to fix it you should upgrade to a newer version: http://secunia.com/advisories/22653/

Older article, but from http://www.linuxdevcenter.com/pub/a/linux/2002/12/30/insecurities.html

PHP's wordwrap() function has a buffer overflow that may be exploitable to execute arbitrary code with the permissions of the user running the script. The buffer overflow is reported to affect versions of PHP between 4.1.2 and 4.3.0. Scripts that do not contain the wordwrap() function call are not affected by this buffer overflow.

Affected users should upgrade to version 4.3.0 of PHP.

-Greg
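The quoted advisory ties exposure to two conditions: a PHP version in the affected range and a script that actually calls wordwrap(). The sketch below is an added example, not code from this thread or from PHP itself; the function names and sample script are constructed, and it assumes the upper bound is exclusive because 4.3.0 is named as the fix.

```python
import re

# Range quoted in the post above: 4.1.2 up to the fixed release 4.3.0.
# Assumption: the upper bound is exclusive because 4.3.0 is named as the fix.
AFFECTED_FROM = (4, 1, 2)
FIXED_IN = (4, 3, 0)

def parse_version(text):
    """Turn '4.2.3' or '4.2.3-pl1' into (4, 2, 3); missing parts count as 0."""
    parts = [int(n) for n in re.findall(r"\d+", text.split("-")[0])[:3]]
    return tuple(parts + [0] * (3 - len(parts)))

def version_affected(text):
    return AFFECTED_FROM <= parse_version(text) < FIXED_IN

# Match either something to skip (comment, quoted string) or a direct call.
# Not handled: heredocs, inline HTML, `function wordwrap(` definitions and
# indirect calls such as call_user_func('wordwrap').
_TOKEN = re.compile(r"""
    (?P<skip> //[^\n]* | \#[^\n]* | /\*.*?\*/
            | '(?:\\.|[^'\\])*' | "(?:\\.|[^"\\])*" )
  | (?P<call> (?<![\w$>:\\]) \\? wordwrap \s* \( )
""", re.VERBOSE | re.DOTALL | re.IGNORECASE)

def find_wordwrap_calls(source):
    """Return 1-based line numbers of direct wordwrap() calls in PHP source."""
    lines = []
    for m in _TOKEN.finditer(source):
        if m.group("call"):
            lines.append(source.count("\n", 0, m.start()) + 1)
    return lines

def exposed(version, source):
    """Exposed only if the runtime is in range AND the script calls wordwrap()."""
    return version_affected(version) and bool(find_wordwrap_calls(source))

# Constructed sample script (not from the thread).
SAMPLE = '''<?php
// wordwrap() is mentioned here only in a comment
$label = "call wordwrap($x) later";
$text = $formatter->wordwrap($body);
echo wordwrap($_GET["msg"], 40, "\\n", true);
echo my_wordwrap($text);
'''

if __name__ == "__main__":
    print(find_wordwrap_calls(SAMPLE), exposed("4.2.3", SAMPLE))
```

Only the direct call on line 5 of the sample is reported; the comment, the string literal, the method call and the similarly named function are ignored.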

They have: 426 posts

Joined: Feb 2005

Your link does not work - so it is just version? PHP5 does not have any of these flaws.

Very Good.

Greg K

He has: 2,145 posts

Joined: Nov 2003

There was one in an older version of 5, but it said to upgrade to 5.20 to fix it.

-Greg

They have: 1 posts

Joined: Jun 2009

It is found that defending against buffer overflow attacks in PHP web applications is developer- and version-dependent. Can this be detected by network-based attack detection, i.e. identifying a malicious packet that causes a buffer overflow?

I don't know how valid my query, and the answer I am wanting, are. Please respond.

They have: 2 posts

Joined: Jun 2009

Thanks to the moderator for the link.
I still have some doubts, but it all depends on my practice. Thank you.
Have a nice day!!
