PHP floating point bug - potential DoS threat

Thankfully the server my site runs on is safe.

I expect there will be lots of script kiddies trying to take servers down over the next few days.
 
I expect there will be lots of script kiddies trying to take servers down over the next few days.
I hope not. I've thought about that from the start and wanted someone to remove the script from the first post.

PS. The server my site runs on is also safe.
 
mikey@aeon:~$ php testbug.php
Testing float behaviour. If this script hangs or terminates with an error message due to maximum execution time limit being reached, you should update your PHP installation asap!
For more information refer to <http://bugs.php.net/53632>.
Your system seems to be safe.

I guess I'm safe :)
 
Is this serious enough that it would be worth closing our forum if our server host can't fix it until tomorrow? They need to do an upgrade in order for our server to get the PHP update... but they're not doing that until tomorrow (US time).
 
Closing your forum won't make much difference as the whole server will crash if vulnerable.
Having said that, there is the possibility of corruption of the database, albeit remote.

As long as you have a current backup of your database you can restore from, you should be fine.
I would take one now just in case.
 
root@server1 [/home/******/********************]# php test.php
Testing float behaviour. If this script hangs or terminates with an error message due to maximum execution time limit being reached, you should update your PHP installation asap!
For more information refer to <http://bugs.php.net/53632>.
Your system seems to be safe.
 
I run 64-bit PHP, but did the test anyway and was deemed safe.

Copy the test PHP code into a file and run it directly from the command line. For example:

Code:
php testfile.php

Thanks for letting us know.
 
Script just hung on me. I'm running Windows 2008 R2 with 32-bit PHP (sigh).

Guess I need to look up the 64-bit version.

Thanks for the info, Kier.

*Edit - Or not, seems there isn't an official 64-bit version for Windows.

Naturally.

Someday I'll move to a Unix server... Some. Day.
 