LinkBack URL
About LinkBacks
Original post is located here.
A vulnerability has been found in most 32-bit versions of PHP which causes the interpreter to hang when parsing a specific floating point number.
As a result, any script taking user input and treating it as a number is vulnerable to a DoS attack.
It takes next to no effort to initiate, and PHP on your machine will enter an infinite loop.
Fixes are being worked on but for now, if you don't need to work with floating point numbers, don't.
Vulnerable:
Safe:Code:$id = (int)$_GET['x'];
For reference, this is safe because it ignores everything past the decimal place.Code:$id = (int)substr($_GET['x'], 0, strpos($_GET['x'], "."));
-For user safety, I have been asked to remove the specific floating point number, along with the cause behind the action PHP takes.-
Trust me, if your site is public in any way shape or form, you'll thank me later.
---------- Post added at 10:08 AM ---------- Previous post was at 10:02 AM ----------
Update:
The PHP team has released two new versions as of today: PHP versions 5.3.5 and 5.2.17. These versions contain the fix for the bug. If you are unable to update, I highly recommend continuing with the fix in the original post.
Reply With Quote
