PHP Affected by Critical Security Flaw

Status
Not open for further replies.

Mikey

:mikey:
Staff member
Joined
Jan 26, 2008
Messages
17,835
An extremely serious security flaw has been discovered in PHP, requiring that all affected servers be updated as a matter of urgency.

The flaw allows a remote webserver running an affected version of PHP to be crashed using nothing more than a URL request.

If you are running a 64 bit version of PHP you are unaffected, but if you are running in 32 bit mode, or you are not sure, now would be a good time to drop everything and make sure that your server is not vulnerable, by installing the latest version of PHP either from php.net, or from your own webserver vendor. Zend Server has a hotfix available already.

Due to the massive impact of the flaw and the trivial way in which it can be exploited, news of this bug will spread rapidly so speed is of the essence in getting your server patched.

http://xenforo.com/community/threads/php-affected-by-critical-security-flaw.10108/

Copy this: http://www.php.net/distributions/test_bug53632.txt into "testbug.php", upload it, and via shell run
Code:
php testbug.php

If you're safe, you should get something like this:

mikey@aeon:~$ php testbug.php
Testing float behaviour. If this script hangs or terminates with an error message due to maximum execution time limit being reached, you should update your PHP installation asap!
For more information refer to <http://bugs.php.net/53632>.
Your system seems to be safe
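
Added example, not part of the original post or of the php.net test script: a shell wrapper that runs the self-test above under a time limit, so a hung interpreter is reported instead of stalling the session. It assumes GNU `timeout` is available; the names `PHP_BIN`, `TEST_SCRIPT`, `LIMIT`, `php_int_bits` and `check_bug53632` are made up for this sketch.

```shell
#!/bin/sh
# Assumed settings (not from the thread); override them in the environment.
PHP_BIN="${PHP_BIN:-php}"                  # interpreter to test
TEST_SCRIPT="${TEST_SCRIPT:-testbug.php}"  # saved copy of test_bug53632.txt
LIMIT="${LIMIT:-20}"                       # seconds before a run counts as hung

# Print 32 or 64 from PHP's integer width. A 4-byte result means
# "do not assume you are unaffected, run the test".
php_int_bits() {
    size=$("$PHP_BIN" -r 'echo PHP_INT_SIZE;' 2>/dev/null) || return 1
    case "$size" in
        4) echo 32 ;;
        8) echo 64 ;;
        *) return 1 ;;
    esac
}

# Run the self-test and classify it. Echoes: safe | vulnerable | unknown
check_bug53632() {
    rc=0
    out=$(timeout "$LIMIT" "$PHP_BIN" "$TEST_SCRIPT" 2>&1) || rc=$?
    if [ "$rc" -eq 124 ]; then
        # timeout(1) had to kill the run. The CLI has no execution time
        # limit by default, so an affected build can simply hang.
        echo vulnerable
    elif printf '%s\n' "$out" | grep -q 'Your system seems to be safe'; then
        echo safe
    elif printf '%s\n' "$out" | grep -q 'Maximum execution time of'; then
        # PHP's own time-limit fatal error fired before ours did.
        echo vulnerable
    else
        # Missing script, missing PHP, or output we do not recognise.
        echo unknown
    fi
}
```

Source the file and call `check_bug53632` from the directory holding testbug.php; treat `unknown` as "not verified", not as "safe".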
 

Digital Doctor

OMG Member
Joined
Oct 7, 2010
Messages
88
Whoa.
Thanks for the warning.
This is going to cause some possibly major problems for plenty of webmasters.
 

morshi101

OMG Member
Joined
Feb 25, 2011
Messages
16
Hey, this sounds like a bit of a serious issue. Is the issue resolved as of now? Can someone post about the status of the issue? I hope that there will be more discussion on this flaw. I hope that only a very small percentage of users will be affected by this.

 

Vincent_imported

Trusted Member
Joined
Dec 1, 2010
Messages
747
Hey, this sounds like a bit of a serious issue. Is the issue resolved as of now? Can someone post about the status of the issue? I hope that there will be more discussion on this flaw. I hope that only a very small percentage of users will be affected by this.


It has been fixed in the new PHP Release.
The problem is pretty old already, you shouldn't worry. Every hoster should have changed that by now :)
 

imported_Brian

OMG Member
Joined
Oct 6, 2010
Messages
161
Hey, this sounds like a bit of a serious issue. Is the issue resolved as of now? Can someone post about the status of the issue? I hope that there will be more discussion on this flaw. I hope that only a very small percentage of users will be affected by this.



This is not a flaw in XenForo. This is an issue with PHP itself.

Source: http://bugs.php.net/bug.php?id=53632

To test whether your system is affected, simply run this script from the command line.

Hope this clears your doubts. :)
 