News Feed
Sections




News Archive
Looking for more information on how to do PHP the right way? Check out PHP: The Right Way

PHPBuilder.com:
Two PHP 5 Security Flaws Found
July 04, 2012 @ 21:04:33

As reported in this new post on PHPBuilder.com, there are two new security issues that could allow an attacker to execute their own code (note: these are fixed by the latest releases, PHP 5.4.4 and PHP 5.3.14).

The flaws are related to each other, with the primary issue being an insecure implementation of the DES within the crypt() function. In his eSecurityPlanet article about recent PHP security updates, Sean Michael Kerner provides the details of these two security flaws.

The issue stems from a flaw in the DES implementation where certain keys are truncated before the DES digestion and a problem in the phar extension that could allow for arbitrary code execution. You can find more on these security issues here.

0 comments voice your opinion now!
security issue des phar extension upgrade


blog comments powered by Disqus

Similar Posts

Pádraic Brady: PHP Security: Default Vulnerabilities, Security Omissions & Framing Programmer

Zend Developer Zone: The ZendCon Sessions Episode 27: Security Centered Design

Christopher Jones' Blog: Temporary LOBS in PHP's OCI8 Extension. Instant Client.

PEAR Blog: Net_Traceroute and Net_Ping security advisory

LaughingMeme.com: Looking at PHP5ís DateTime and DateTimeZone


Community Events





Don't see your event here?
Let us know!


opinion introduction install framework interview laravel api community voicesoftheelephpant library series package bugfix release podcast list tips symfony language deployment

All content copyright, 2014 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework