Linux Today: Linux News On Internet Time.

internetnews.com: Security Flaws Found in PHP

Feb 28, 2002, 17:44 (3 Talkback[s])
(Other stories by Thor Olavsrud)
"The Computer Emergency Response Team Coordination Center (CERT/CC) Wednesday warned of multiple vulnerabilities in the PHP scripting language which would allow a remote attacker to execute arbitrary code with the privileges of the PHP process on a victim's system.

The flaws were discovered and first reported by Stefan Esser of e-matters, a member of the PHP developer team.

PHP is widely used in Web development and can be installed on a variety of Web servers, including Apache, IIS, Caudium, Netscape and iPlanet, OmniHTTPd and others. Esser said the vulnerabilities lie in the php_mime_split function, allowing an attacker to either execute arbitrary code with the privileges of the Web server or interrupt normal operations of the Web server."

Complete Story