Stephen Withers
Tuesday, 06 March 2007 12:09
Inspired by the Month of Browser Bugs and the Month of Apple Bugs, the Hardened-PHP Project has declared March the Month of PHP Bugs (MOPB) to draw attention to security vulnerabilities in the core PHP software.
PHP is a widely used scripting language most commonly employed to create dynamic web pages.
"[O]ld and new security vulnerabilities in the Zend Engine, the PHP core and the PHP extensions will be disclosed on a day by day basis. We will also point out necessary changes in the current vulnerability management process used by the PHP Security Response Team", the project team announced on its web site.
Unlike the previous 'Months' projects, MOPB does not limit itself to disclosing one bug per day and has already identified 11 vulnerabilities in the first five days.
The issues include string buffer overflows, inappropriate permissions and stack overflows, just as we saw in previous 'Months' projects. Some cause crashes or other denial-of-service conditions, while others permit privilege escalation and other problems. Proof-of-concept exploits are provided where appropriate.