• On The Insider: Bruno Film Edited Due to Jackson's Death

December 17, 2004 3:37 PM PST

Patches slapped on serious PHP flaws

By Robert Lemos
Staff Writer, CNET News

  • 5 comments
Related Stories

Flaws drill holes in open-source repository

 May 19, 2004

Scripting flaw threatens Web servers

 July 22, 2002

Building trust into open source

 March 20, 2002
Two software updates have been released to fix critical flaws that could allow an attacker to compromise servers using PHP, a programming language for Web pages.

The PHP Group, a software developer community, issued versions 4.3.10 and 5.0.3 of PHP this week to remedy the problems in the major versions of the Web page-processing program.

"All users of PHP are strongly encouraged to upgrade to one of these releases as soon as possible," the group advised on its Web site.

Arguably the most critical vulnerability is in a function used to compact data for storage. By exploiting the flaw, an attacker could take control of the Web server that runs a vulnerable version of the PHP: Hypertext Preprocessing (PHP), according to the Hardened-PHP group, which found the flaw.

Originally known as Personal Home Page, PHP consists of a server-side scripting language that can be embedded in Web pages to generate dynamic content, and the processing program required to act on the commands. Many blogging programs and content management applications are written in PHP.

The language can be used to control the content of a Web site, by interacting with a database to create pages in response to a visitor's clicks. Typically, a Web page holds snippets of PHP code that are run whenever a visitor requests that page. The code triggers the content displayed on the page, often pulling it from a database that holds articles, graphics and personalized settings, for example.

As a programming language, PHP is flexible enough to accomplish a variety of tasks. A Web server has to run the PHP processor program to interpret any pages containing the language.

In addition to the critical flaw, the Hardened-PHP community found six other vulnerabilities in PHP, according to an advisory released by the group. It also develops its own, security-hardened version of PHP, and has released its own fully patched version of the system with additional security features.

The PHP Group's updates, which fix those vulnerabilities and several smaller bugs, have been posted to the group's Web site.

See more CNET content tagged:
PHP, flaw, programming language, attacker, Web server

Add a Comment (Log in or register) (5 Comments) (5 Comments)
advertisement

Latest tech news headlines

RSS Feeds

Add headlines from CNET News to your homepage or feedreader.

More feeds available in our RSS feed index.

Markets

Market news, charts, SEC filings, and more

Related quotes

Dow Jones Industrials (-0.49%) -40.21 8,142.96
S&P 500 (-0.43%) -3.78 878.90
NASDAQ (0.20%) 3.48 1,756.03
CNET TECH (0.20%) 2.52 1,262.17
  Symbol Lookup
advertisement

Inside CNET News

Scroll Left Scroll Right
News
News site map
Latest headlines
Contact News
News staff
Corrections
CNET blogs
Popular topics
Apple iPhone
Apple iPod
Cell phones
Dell
GPS
LCD TV
CNET sites
CNET Site map
CNET TV
Downloads
News
Reviews
Shopper.com
More information
Newsletters
CNET Mobile
Customer Help Center
RSS
CNET Widgets
About CNET