PHP 'cgi_main.c' Out-of-Bounds Read Denial-of-Service Vulnerability
Release date:
Updated on:
Affected Systems:
PHP <5.6.4
PHP <5.5.20
PHP <5.4.36
Description:
Bugtraq id: 71833
CVE (CAN) ID: CVE-2014-9427
PHP is a widely used scripting language. It is especially suitable for Web development and can be embedded into HTML.
PHP versions earlier than 5.4.36, 5.5.20, and 5.6.4 have a denial of service vulnerability. Attackers can exploit this vulnerability to crash affected applications. When mmap is used to read a .php file, sapi/cgi/cgi_main.c in the CGI component does not properly consider the mapping length for an invalid file that begins with a # character and lacks a newline character. This can cause an out-of-bounds read, leakage of sensitive information from php-cgi process memory, and arbitrary code execution.
<* Source: Salvatore Bonaccorso
*>
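The length check the description says was missing, shown as an added C example; this is not PHP's code or the vendor patch. The names `skip_hash_line` and `demo_no_newline` are hypothetical and the input bytes are constructed.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical helper (not PHP's code): returns the offset of the first byte
 * after a leading "#..." line in buf[0..len), never reading at or past len. */
size_t skip_hash_line(const unsigned char *buf, size_t len)
{
    size_t i = 0;

    if (len == 0 || buf[0] != '#')
        return 0;                   /* no leading '#': nothing to skip */

    /* Every read is guarded by i < len. Without that guard, a file that
     * starts with '#' and has no newline makes the scan run off the end
     * of the mapping into whatever memory follows it. */
    while (i < len && buf[i] != '\n' && buf[i] != '\r')
        i++;

    if (i == len)
        return len;                 /* no terminator: whole mapping consumed */
    if (buf[i] == '\r' && i + 1 < len && buf[i + 1] == '\n')
        i++;                        /* treat CRLF as a single terminator */
    return i + 1;
}

/* Constructed input: a 4-byte "file" with '#' and no newline, followed in the
 * same array by bytes standing in for memory adjacent to the mapping. An
 * unbounded scan would stop at the '\n' inside the adjacent bytes. */
size_t demo_no_newline(void)
{
    static const unsigned char mem[] = "#abc" "ADJACENT\n<?php /* other data */";
    return skip_hash_line(mem, 4);  /* only the first 4 bytes are "mapped" */
}

int main(void)
{
    const unsigned char ok[] = "#!/usr/bin/php\n<?php echo 1;";

    printf("normal file: script starts at offset %zu\n",
           skip_hash_line(ok, sizeof ok - 1));
    printf("no newline:  scan stops at %zu of 4 bytes\n", demo_no_newline());
    return 0;
}
```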
Suggestion:
Vendor patch:
PHP
---
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
http://www.php.net/downloads.php
https://bugs.php.net/bug.php?id=68618
http://git.php.net/?p=php-src.git;a=commit;h=f9ad3086693fce680fbe246e4a45aa92edd2ac35