Metalik
January 7th, 2011, 07:38
An extremely serious security flaw has been discovered in PHP, requiring that all affected servers be updated as a matter of urgency.
The flaw allows a remote webserver running an affected version of PHP to be crashed using nothing more than a URL request.
If you are running a 64 bit version of PHP you are unaffected, but if you are running in 32 bit mode, or you are not sure, now would be a good time to drop everything and make sure that your server is not vulnerable, by installing the latest version of PHP either from php.net (http://www.php.net/archive/2011.php#id2011-01-06-1), or from your own webserver vendor. Zend Server (http://www.zend.com/en/products/server/downloads) has a hotfix available already.
Due to the massive impact of the flaw and the trivial way in which it can be exploited, news of this bug will spread rapidly so speed is of the essence in getting your server patched.
Resources:
PHP script to test vulnerability (http://www.php.net/distributions/test_bug53632.txt)
Bug report detailing the flaw (http://bugs.php.net/bug.php?id=53632)
---------- Post added at 07:38 AM ---------- Previous post was at 07:37 AM ----------
منظور کلیش اینه که یه باگ خطرناک در php پیدا شده.
برای این که تست کنید سرور شما هم این مشکل رو داره یا نه این فایل رو دانلود کنید و روی سرور اجرا کنید http://www.php.net/distributions/test_bug53632.txt توجه کنید بعد از دانلود پسوندش رو به php تغییر بدید.
اگه گفت مشکل داره نسبت به آپدیت کردن php خود اقدام کنید.
The flaw allows a remote webserver running an affected version of PHP to be crashed using nothing more than a URL request.
If you are running a 64 bit version of PHP you are unaffected, but if you are running in 32 bit mode, or you are not sure, now would be a good time to drop everything and make sure that your server is not vulnerable, by installing the latest version of PHP either from php.net (http://www.php.net/archive/2011.php#id2011-01-06-1), or from your own webserver vendor. Zend Server (http://www.zend.com/en/products/server/downloads) has a hotfix available already.
Due to the massive impact of the flaw and the trivial way in which it can be exploited, news of this bug will spread rapidly so speed is of the essence in getting your server patched.
Resources:
PHP script to test vulnerability (http://www.php.net/distributions/test_bug53632.txt)
Bug report detailing the flaw (http://bugs.php.net/bug.php?id=53632)
---------- Post added at 07:38 AM ---------- Previous post was at 07:37 AM ----------
منظور کلیش اینه که یه باگ خطرناک در php پیدا شده.
برای این که تست کنید سرور شما هم این مشکل رو داره یا نه این فایل رو دانلود کنید و روی سرور اجرا کنید http://www.php.net/distributions/test_bug53632.txt توجه کنید بعد از دانلود پسوندش رو به php تغییر بدید.
اگه گفت مشکل داره نسبت به آپدیت کردن php خود اقدام کنید.