Q-321: PHP Security Update


 
03-04-2008

There are several security vulnerabilities in PHP:

1) A response-splitting issue was discovered in the PHP session handling;
2) A buffer overflow was discovered in the PHP sscanf() function;
3) An integer overflow was discovered in the PHP wordwrap() and str_repeat() functions;
4) A buffer overflow was discovered in the PHP gd extension; and
5) An integer overflow was discovered in the PHP memory allocation handling.

The risk is LOW.

1) A remote attacker can force a carefully crafted session identifier to be used, a cross-site-scripting or response-splitting attack could be possible;
2) A remote attacker sending a carefully crafted request could execute arbitrary code as the 'apache' user;
3) A remote attacker sending a carefully crafted request might be able to cause a heap overflow; and
4) On 64-bit platforms, the "memory_limit" setting was not enforced correctly, which could allow a denial of service attack by a remote user.


SET_MAGIC_QUOTES_RUNTIME(3)						 1					       SET_MAGIC_QUOTES_RUNTIME(3)

set_magic_quotes_runtime - Sets the current active configuration setting of magic_quotes_runtime

SYNOPSIS
       bool set_magic_quotes_runtime (bool $new_setting)

DESCRIPTION
       Set the current active configuration setting of magic_quotes_runtime.

       Warning: This function has been DEPRECATED as of PHP 5.3.0 and REMOVED as of PHP 7.0.0.

ERRORS/EXCEPTIONS
       Since PHP 5.3 this function has been deprecated and will raise an E_DEPRECATED warning upon execution.

       Since PHP 5.4 this function will also raise an E_CORE_ERROR on trying to enable magic quotes.

PARAMETERS
       o $new_setting - FALSE for off, TRUE for on.

RETURN VALUES
       Returns TRUE on success or FALSE on failure.

EXAMPLES
       Example #1 set_magic_quotes_runtime(3) example

       <?php
       // Create a temporary file pointer
       $fp = tmpfile();

       // Write some data to the pointer
       fwrite($fp, '\'PHP\' is a Recursive acronym');

       // Without magic_quotes_runtime
       rewind($fp);
       set_magic_quotes_runtime(false);
       echo 'Without magic_quotes_runtime: ' . fread($fp, 64), PHP_EOL;

       // With magic_quotes_runtime
       rewind($fp);
       set_magic_quotes_runtime(true);
       echo 'With magic_quotes_runtime: ' . fread($fp, 64), PHP_EOL;

       // Clean up
       fclose($fp);
       ?>

       The above example will output:

       Without magic_quotes_runtime: 'PHP' is a Recursive acronym
       With magic_quotes_runtime: \'PHP\' is a Recursive acronym

SEE ALSO
       get_magic_quotes_gpc(3), get_magic_quotes_runtime(3).

PHP Documentation Group                                        SET_MAGIC_QUOTES_RUNTIME(3)