A Fun Hole in PHP

Jan 04, 2011 22:42

Some PHP versions (5.2.x and 5.3.x, at least) hang when they are given the number 2.2250738585072011e-308 (the site will probably go down soon, so here is a mirror). The discussion on Reddit says it is easy to break the latest versions of phpBB, WordPress, Drupal, etc. In short, for the few hours, or more likely days, until this gets fixed, half the Internet can be broken. What fun! ))

Discussion on Hacker News.

UPD Workaround (requires recompiling php), another one (supposedly better).
PHP - Bug #53632: PHP hangs on numeric value 2.2250738585072011e-308
The Register: PHP apps plagued by Mark of the Beast bug.
Habrahabr: Vulnerability in php 5.3.* 32bit - float.
OpenNews: DoS vulnerability in the handling of certain floating-point numbers.
InfoWorld - Security Central: A bug in the PHP scripting language leaves Web servers with large floating point numbers open to DOS attacks.

UPD 06.01 "A critical vulnerability in the PHP engine has been identified on January 3, 2011. This exploit is significant because most PHP applications on impacted systems can become remotely exploitable to a very simple denial of service attack. Zend has released a security hotfix to address this vulnerability.

Due to the way the PHP runtime handles internal conversion of floating point numbers, it is possible for a remote attacker to bring down a web application simply by adding a specific parameter to a query string in their web browser.

This vulnerability is present on all versions of PHP including PHP 4.x and 5.x, on all Intel-based 32-bit PHP builds.

Platform Vulnerable
Windows YES
Linux (using 32-bit PHP build) YES
Linux (using 64-bit PHP build) NO
Mac OS NO
IBM i NO" (c)
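
Added example (not from the original post, Zend, or the PHP project): a Python check that flags query-string parameters whose decoded value is numerically equal to the number named in bug #53632, however it is written, without ever parsing it as a float. The function names and sample query strings are constructed for illustration, and only plain decimal notation of that one value is covered.

```python
import re
from urllib.parse import parse_qsl

# Value named in PHP bug #53632: (significant digits, power of ten of first digit).
TRIGGER = ("22250738585072011", -308)

# Plain decimal literals: groups are int part, fraction, bare fraction, sign, exponent.
NUMBER = re.compile(r"(?:(\d+)(?:\.(\d*))?|\.(\d+))(?:[eE]([+-]?)(\d+))?")


def canonical(m):
    """Normalise a NUMBER match using string arithmetic only (no float parsing)."""
    int_part = m.group(1) or ""
    frac_part = m.group(2) or m.group(3) or ""
    exp_digits = (m.group(5) or "0").lstrip("0") or "0"
    if len(exp_digits) > 9:  # absurd exponent, cannot equal the trigger
        return None
    exp = int(exp_digits) * (-1 if m.group(4) == "-" else 1)
    digits = int_part + frac_part
    significant = digits.lstrip("0")
    if not significant:
        return ("0", 0)
    leading_zeros = len(digits) - len(significant)
    first_digit_exp = len(int_part) - 1 - leading_zeros + exp
    return (significant.rstrip("0"), first_digit_exp)


def flagged_params(query_string):
    """Names of parameters whose decoded value holds a literal equal to the trigger."""
    hits = []
    for name, value in parse_qsl(query_string, keep_blank_values=True):
        if any(canonical(m) == TRIGGER for m in NUMBER.finditer(value)):
            hits.append(name)
    return hits


# Constructed sample query strings (not taken from real traffic).
SAMPLES = [
    "id=2.2250738585072011e-308",
    "page=1&price=0.22250738585072011e-307",
    "q=22250738585072011E-324&lang=en",
    "v=2%2E22507385850720110e-0308",
    "amount=2.2250738585072014e-308",
    "id=42&ref=22250738585072011",
]

if __name__ == "__main__":
    for qs in SAMPLES:
        print(qs, "->", flagged_params(qs))
```

A substring match on the raw request line would miss the second, third and fourth samples, which is why the value is URL-decoded and normalised before comparison.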

UPD 07.01 PHP 5.3.5 and 5.2.17 Released!
"The PHP development team would like to announce the immediate availability of PHP 5.3.5 and 5.2.17.

This release resolves a critical issue, reported as PHP bug #53632, where conversions from string to double might cause the PHP interpreter to hang on systems using x87 FPU registers.

The problem is known to only affect x86 32-bit PHP processes, regardless of whether the system hosting PHP is 32-bit or 64-bit. You can test whether your system is affected by running this script from the command line.

All users of PHP are strongly advised to update to these versions immediately."

security, internet, software, programming
