PHP Group Plugs Security Holes

The open-source PHP Group has shipped a new version of the general-purpose scripting language to fix several potentially serious security vulnerabilities.

The flaws addressed in the PHP 4.4.1 update are rated “moderately critical” by security alerts aggregator Secunia Inc.

In a notice to users, the PHP Development Team said the patch corrects seven flaws and 35 other defects.

The most serious of the bugs could be exploited by malicious hackers to launch cross-site scripting attacks, bypass certain security restrictions, and potentially compromise a vulnerable system.

The patch corrects an error where the “GLOBALS” array is not properly protected.

It can be exploited to define global variables by sending a “multipart/form-data” POST request with a specially crafted file upload field, or via a script calling a certain PHP function.

According to the advisory, successful exploitation may open up for vulnerabilities in various applications.

The PHP update also fixes an error in the handling of an unexpected termination in the “parse_str()” PHP function and an integer overflow error in “pcrelib” that can be exploited to cause a memory corruption.

Successful exploitation may allow execution of arbitrary code, the Group warned.

PHP, a project of the Apache Software Foundation, ships standard with a number of Web servers, including Red Hat Linux.

version 4.4.1
Source: eWeek