PHP "php_parserr ()" Buffer Overflow Vulnerability

PHP "php_parserr ()" Buffer Overflow Vulnerability

Release date:
Updated on:

Affected Systems:
PHP 5.5.x
PHP 5.4.x
PHP 5.3.x
Description:
--------------------------------------------------------------------------------
CVE (CAN) ID: CVE-2014-4049
 
PHP is a widely used scripting language. It is especially suitable for Web development and can be embedded into HTML.
 
PHP functions in "php_parserr ()" (ext/standard/dns. c) there is an error in implementation. Malicious users use a specially crafted dns txt to record the response. This vulnerability can cause heap buffer overflow. After successful exploitation, arbitrary code can be executed. To exploit this vulnerability, arbitrary DNS response packets must be injected through man-in-the-middle attacks.
 
<* Source: vendor

Link: http://secunia.com/advisories/58683/
*>

Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
 
PHP
---
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
 
Http://www.php.net/downloads.php
Https://github.com/php/php-src/commit/4f73394fdd95d3165b4391e1b0dedd57fced8c3b

Practical Production Environment-LNMP architecture compilation and installation + SSL encryption implementation

LNMP full-featured compilation and installation for CentOS 6.3 notes

Install LNMP in CentOS 6.3 (PHP 5.4, MyySQL5.6)

Nginx startup failure occurs during LNMP deployment.

Ubuntu install Nginx php5-fpm MySQL (LNMP environment setup)

Detailed php hd scanning PDF + CD source code + full set of teaching videos

PHP details: click here
PHP: click here

This article permanently updates the link address: