Casper Posted January 7, 2011

http://bugs.php.net/bug.php?id=53632

This is a biggen. Figured I'd pass it along. This is a huge DOS risk. Easy to check. Just use the script below, and run from the command line.

Create file phpbugcheck.php:

<?php
/*
  +----------------------------------------------------------------------+
  | PHP Version 5                                                        |
  +----------------------------------------------------------------------+
  | Copyright (c) 2011 The PHP Group                                     |
  +----------------------------------------------------------------------+
  | This source file is subject to version 3.01 of the PHP license,      |
  | that is bundled with this package in the file LICENSE, and is        |
  | available through the world-wide-web at the following url:           |
  | http://www.php.net/license/3_01.txt                                  |
  | If you did not receive a copy of the PHP license and are unable to   |
  | obtain it through the world-wide-web, please send a note to          |
  | license@php.net so we can mail you a copy immediately.               |
  +----------------------------------------------------------------------+
  | Author: Johannes Schlueter <johannes@php.net>                        |
  +----------------------------------------------------------------------+
*/

if (PHP_SAPI != 'cli') {
    die("Please run this test from CLI!\n");
}

ini_set('display_errors', 1);
ini_set('output_buffering', 0);
error_reporting(-1);
if (!ini_get('safe_mode')) {
    set_time_limit(1);
}

echo "Testing float behaviour. If this script hangs or terminates with an error ".
     "message due to maximum execution time limit being reached, you should ".
     "update your PHP installation asap!\n";
echo "For more information refer to <http://bugs.php.net/53632>.\n";

// On an affected build this string-to-double conversion does not return,
// so the final message below is never printed.
$d = (double)"2.2250738585072011e-308";

echo "Your system seems to be safe.\n";
?>

Run php phpbugcheck.php from the command line.

SWing'R Posted January 7, 2011

You're talkin running this on a server right? Not a local pc.

Casper Posted January 7, 2011

> You're talkin running this on a server right? Not a local pc.

If you're joking: If you're serious: Yeah. You wouldn't have PHP installed on your local PC unless you're running a webserver, in which case you need to run it. PHP installed, run it. No PHP installed, you can't run it.

SWing'R Posted January 7, 2011

> If you're joking: If you're serious: Yeah. You wouldn't have PHP installed on your local PC unless you're running a webserver, in which case you need to run it. PHP installed, run it. No PHP installed, you can't run it.

I wasn't joking, your post caught my attention because I do deal with php on the forums that I run, but then I realized that the php is installed on the servers.

alienpi Posted January 7, 2011

Yet another reason to keep your systems patched and run vulnerability assessments on a regular basis.

JonS Posted January 7, 2011

My system is safe