PHPBuilder - Two PHP 5 Security Flaws Found

Two PHP 5 Security Flaws Found

by: All Staff
June 28, 2012

Two recently discovered security flaws in PHP 5.4.4 and PHP 5.3.14 could allow an attacker to execute arbitrary code. The flaws are related to each other, with the primary issue being an insecure implementation of DES within the crypt() function. In his eSecurityPlanet article about recent PHP security updates, Sean Michael Kerner provides the details of these two security flaws.


He writes:


"The [DES] flaw is that certain keys were truncated before being DES digested, which could potentially have enabled an authentication bypass."


"The second flaw, identified as CVE-2012-2386, is a vulnerability within the PHP phar extension. [Security firm] Secunia warned that successful exploitation of the Phar vulnerability may allow execution of arbitrary code."


Read the full article on eSecurityPlanet:
Open Source PHP and Ruby on Rails Updated for Security
