|Limitations of PHP5 - Upgrade /
|As we all know, nobody and nothing is perfect.
Computer professionals have noticed vulnerability in PHP which can
be exploited by those who are practicing Denial of Service (DoS)
type attacks upon a system which is affected.
This limitation is caused by using in an improper manner the
functions from libpng within the function gdPngReadData() in the
source file ext/gd/libgd/gd_png.c of the extension GD, on the
occasion of processing fragmented data. This can be exploited in
order to force the execution entrance in an infinite loop by
supplying a special file which is modified, to an application which
uses the extension affected
Moreover, you have to know that this limitation was reported in the
versions 4.4.7 and 5.2.2 and other versions can also be affected.
There is a solution to this limitation too, which can be found in
some resources called Concurrent Versions System resources.
As far as PHP 5 limitations are concerned we can add that:
1. Protection mechanisms safe_mode and open_basedir can be
avoided through the session management system.
2. Unspecified errors can be exploited in order to corrupt a
memory area within the session.
3. Errors stack overflow type can be found within zip, imap
and sqlite extensions.
4. A limitations check error can appear within the data flux
processing and it can be exploited in order to force an error buffer
5. An error which is not specified and which is related to
limitations overcome exists within the function str_replace().
But the good news is that regardless the limitation type there can
be always found solutions.