BetaONE will rise again!


 
Prev Previous Post   Next Post Next
  #1  
Old 25th Aug 05, 06:53 PM
Alpine's Avatar
Alpine Alpine is offline
Retired Crew
 
Join Date: Feb 2002
Location: Run Forest, RUN!!
Posts: 3,601
Alpine is on a distinguished road
Send a message via ICQ to Alpine Send a message via AIM to Alpine
Serious PHP flaw found
Hackers in the libraries

SECURITY BOFFINS have found a critical vulnerability in two PHP libraries that are used to provide web services and content management systems.

PHP, is one of the most widely used scripting language on the web and the flaws are in the XML-RPC for PHP and PEAR XML-RPC libraries.

Similar flaws were discovered in July and prompted an audit of the libraries by the Hardened-PHP Project, a group that was founded to protect PHP users and servers against security holes.

According to the Projects advisory here, the new flaw takes advantage of a technique similar to the earlier vulnerabilities, which involved eval() statements.

"To get rid of this and future eval() injection vulnerabilities, the Hardened-PHP Project has developed, together with the maintainers of both libraries, a fix that completely eliminates the use of eval() from the library", the report said.

Linux distributiors such as Red Hat and Gentoo have already issued patches, but perhaps the biggest problem will be for those who have used content management systems are built using PHP, such as PostNuke, Drupal, b2evolution and TikiWiki. The INQuirer
Reply With Quote
 


Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is On
Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Flaw Found in Adobe Acrobat NewsBot NeoWin News 0 6th Jul 05 09:00 PM
.Net or PHP? PCTech Coders Corner 5 26th May 05 01:20 PM
Flaw found in McAfee suite NewsBot NeoWin News 0 19th Apr 05 09:00 PM
Trillian Vulnerability - Security Flaw Found in Trillian IM NewsBot NeoWin News 0 27th Mar 05 01:00 PM
Critical Flaw found in Winamp 5.06 and earlier NewsBot NeoWin News 0 28th Nov 04 07:00 AM


All times are GMT +1. The time now is 07:48 AM.


Design by Vjacheslav Trushkin for phpBBStyles.com.
Powered by vBulletin® Version 3.6.5
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.