PHP 'unserialize () 'function re-exploits Multiple Memory Corruption Vulnerabilities after being released

PHP 'unserialize () 'function re-exploits Multiple Memory Corruption Vulnerabilities after being released
PHP 'unserialize () 'function re-exploits Multiple Memory Corruption Vulnerabilities after being released

Release date:
Updated on:

Affected Systems:

PHP

Description:

Bugtraq id: 76265

PHP is a widely used scripting language. It is especially suitable for Web development and can be embedded into HTML.

PHP has multiple memory corruption vulnerabilities in the implementation of the 'unserialize () 'function. After successful exploitation, remote attackers can obtain memory information and execute arbitrary code in the context of the Web server.

<* Source: Taoguang Chen
*>

Suggestion:

Vendor patch:

PHP
---
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:

Http://www.php.net/downloads.php

PHP 7, you deserve it

Experience PHP 7.0 on CentOS 7.x/Fedora 21

Install LNMP in CentOS 6.3 (PHP 5.4, MyySQL5.6)

Nginx startup failure occurs during LNMP deployment.

Ubuntu install Nginx php5-fpm MySQL (LNMP environment setup)

Detailed php hd scanning PDF + CD source code + full set of teaching videos

Configure the php lnmp development environment in CentOS 6

PHP details: click here
PHP: click here

This article permanently updates the link address: