PHP "lên dĩa"

PHP "lên dĩa"

Bắt đầu là Month of Browser Bugs, rồi đến Month of Kernel Bugs và Month of Apple Bugs, còn bây giờ là Month of PHP Bugs. Chỉ sau 3 ngày, đã có 8 lỗi nghiêm trọng của PHP được công bố!

#	Title	Description	PoC/Exploit	References
8	PHP 4 phpinfo() XSS Vulnerability (Deja-vu)	phpinfo() does not escape the content of user supplied arrays in GET, POST or COOKIE variables when it displays them which leads to an XSS vulnerability.	MOPB-08-2007.phpt	HPHP-18-2005 CVE-NO-NAME
7	Zend Platform ini_modifier Local Root Vulnerability	The ini_modifier of the Zend Platform can be tricked by a local to edit the system php.ini file, which can be used to obtain root privileges.	Not needed	CVE-NO-NAME
6	Zend Platform Insecure File Permission Local Root Vulnerability	Several binaries and shellscripts installed by the Zend Platform are installed with unsafe permissions that might allow an attacker to gain root privileges.	Not needed	CVE-NO-NAME
5	PHP unserialize() 64 bit Array Creation Denial of Service Vulnerability	Deserialisation of malformed PHP arrays from within unserialize() might result in a tight endless loop exhausting CPU ressources on 64bit systems.	Not needed	CVE-2007-0988
4	PHP 4 unserialize() ZVAL Reference Counter Overflow	During unserialisation of user supplied data that contains a lot of references to a variable the internal 16bit zval reference counter can overflow. This leads to an exploitable double dtor condition.	MOPB-04-2007.php	CVE-NO-NAME MOPB-01-2007
3	PHP Variable Destructor Deep Recursion Stack Overflow	The destruction of deeply nested PHP arrays will exhaust all available stack which leads to remotely triggerable crashes.	Not needed	CVE-NO-NAME
2	PHP Executor Deep Recursion Stack Overflow	A deep recursion of PHP userland code will exhaust all available stack which leads to a sometimes remotely triggerable crash.	Not needed	CVE-2006-1549
1	PHP 4 Userland ZVAL Reference Counter Overflow Vulnerability	In PHP 4 userland code is able to overflow the internal 16bit zval reference counter by creating many references to a variable. This leads to an exploitable double dtor condition.	MOPB-01-2007.php	CVE-NO-NAME

Comments

About

Email: thaidn@gmail.com. Tôi sinh ra ở Sài Gòn, lớn lên trên Internet. Tôi là kỹ sư an ninh mạng, từng được trao giải thưởng danh giá Pwnie Award. Hiện tại tôi làm ở Google, với vai trò kỹ sư cấp hơi cao. Tôi từng là kỹ sư trưởng Google Tink, thư viện phần mềm mã hóa đạt được hơn ba triệu download mỗi tháng. Trong thời gian vừa qua tôi thấy hơi chán, chưa biết làm gì tiếp theo, nhưng tôi vẫn đang kiên trì lãnh lương hàng tháng.

I'm a security researcher, best known for my SSL attack trilogy: BEAST, CRIME, and POODLE. I was half of the team that discovered the crypto vulnerability in ASP.NET affecting millions of websites. For this work I was a recipient of the prestigious Pwnie Award. Currently I'm a senior member of the worldwide product security team at Google. My team built Project Wycheproof and Tink. My mission is to help everyone on the Internet use cryptography correctly.