Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Vulnerabilities

BACKRONYM, Other Vulnerabilities Patched in PHP

PHP 5.6.11, 5.5.27 and 5.4.43 were released last week. The latest versions of the popular scripting language address numerous functionality bugs and several security issues.

PHP 5.6.11, 5.5.27 and 5.4.43 were released last week. The latest versions of the popular scripting language address numerous functionality bugs and several security issues.

The most important security flaw addressed in PHP 5.6.11, 5.5.27 and 5.4.43 is the MySQL vulnerability dubbed BACKRONYM (Bad Authentication Causes Kritical Risk Over Networks, Yikes MySQL).

BACKRONYM is a TLS vulnerability affecting Oracle MySQL client libraries and forks such as MariaDB and Percona (CVE-2015-3152). The bug can be exploited by a man-in-the-middle (MitM) attacker to downgrade MySQL SSL/TLS connections, intercept database queries and results, and manipulate database contents.

The vulnerability, caused by the fact that the –ssl option does not enforce an effective SSL/TLS connection, was patched by Oracle in December 2013 with the release of MySQL 5.7.3. The problem is that MySQL 5.7.x is not a general availability release so most users still utilize the vulnerable 5.6 version.

The developers of PHP have patched BACKRONYM in the MySQL native driver for PHP (mysqlnd), the scripting language’s drop-in replacement for the MySQL Client Library.

In addition to this bug, PHP 5.6.11 patches four other security issues. One of the vulnerabilities is caused by the fact that the escapeshellcmd() and escapeshellarg() functions in PHP don’t treat “!” as a special character, potentially allowing an attacker to execute arbitrary code.

Other vulnerabilities patched in the latest version of PHP are a use-after-free in spl_recursive_it_move_forward_ex() and a use-after-free in sqlite3SafetyCheckSickOrOk().

Active support for PHP 5.4 ceased 9 months ago, but security support is still being provided until September 14, 2015. In the case of PHP 5.5, general support ended on July 10, but security fixes will be provided for another year.

On Friday, the PHP development team announced the availability of PHP 7.0.0 Beta 1, the third pre-release of the new PHP 7 major series.

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Expert Insights

Related Content

Cloud Security

VMware vRealize Log Insight vulnerability allows an unauthenticated attacker to take full control of a target system.

Mobile & Wireless

Apple rolled out iOS 16.3 and macOS Ventura 13.2 to cover serious security vulnerabilities.

Mobile & Wireless

Technical details published for an Arm Mali GPU flaw leading to arbitrary kernel code execution and root on Pixel 6.

IoT Security

Lexmark warns of a remote code execution (RCE) vulnerability impacting over 120 printer models, for which PoC code has been published.

Mobile & Wireless

Apple’s iOS 12.5.7 update patches CVE-2022-42856, an actively exploited vulnerability, in old iPhones and iPads.

Vulnerabilities

Security researchers have observed an uptick in attacks targeting CVE-2021-35394, an RCE vulnerability in Realtek Jungle SDK.

Email Security

Microsoft is urging customers to install the latest Exchange Server updates and harden their environments to prevent malicious attacks.

Vulnerabilities

Google has awarded more than $25,000 to the researchers who reported the vulnerabilities patched with the release of the latest Chrome update.