PHP Affected by Critical Security Flaw

DaStarBuG · January 7, 2011, 4:47am

An extremely serious security flaw has been discovered in PHP, requiring that all affected servers be updated as a matter of urgency.

The flaw allows a remote webserver running an affected version of PHP to be crashed using nothing more than a URL request.

If you are running a 64 bit version of PHP you are unaffected, but if you are running in 32 bit mode, or you are not sure,
now would be a good time to drop everything and make sure that your server is not vulnerable,
by installing the latest version of PHP either from php.net, or from your own webserver vendor.
Zend Server has a hotfix available already.

Due to the massive impact of the flaw and the trivial way in which it can be exploited, news of this bug will spread rapidly so speed is of the essence in getting your server patched.

team1504 · January 7, 2011, 4:57am

Will do, thanks for the tip

EastCoast · January 8, 2011, 2:45pm

Not exactly true.

Only if the application processes a request variable as a floating point value (which would be extremely rare unless you’re working on scientific or engineering applications in php instead of the usual java/c etc)

TimIgoe · January 10, 2011, 12:14pm

In theory its a bad problem, in practice it will effect less servers than you realise.

I’ve tested my servers, which are 32bit and aren’t effected but a lot of recent servers will all be 64bit.