PHP 'efree () 'function Remote Code Execution Vulnerability
Release date: 2014-10-02
Updated on:
Affected Systems:
PHP
Description:
Bugtraq id: 70259
CVE (CAN) ID: CVE-2014-3622
PHP is a widely used scripting language. It is especially suitable for Web development and can be embedded into HTML.
PHP 5.6 and other versions have the remote code execution vulnerability in the implementation of the 'efree () 'function. After successful exploitation, arbitrary code can be executed in the webserver context.
<* Source: Stefan Esser (s.esser@ematters.de)
*>
Suggestion:
Vendor patch:
PHP
---
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
Http://www.php.net/downloads.php
Install LNMP in CentOS 6.3 (PHP 5.4, MyySQL5.6)
Nginx startup failure occurs during LNMP deployment.
Ubuntu install Nginx php5-fpm MySQL (LNMP environment setup)
Detailed php hd scanning PDF + CD source code + full set of teaching videos
PHP details: click here
PHP: click here
This article permanently updates the link address: