A vulnerability that allows attackers to take control of websites running older versions of the PHP scripting language continues to threaten the Internet almost two years after security researchers first warned that attackers could use it to remotely execute malicious code on vulnerable servers.
Symantec has stumbled across a worm that exploits various vulnerabilities in PHP to infect Intel x86-powered Linux devices. The security biz says the malware threatens to compromise home broadband routers and similar equipment.
However, home internet kit with x86 chips are few and far between – most network-connected embedded devices are powered by ARM or MIPS processors – so the threat seems almost non-existent.
On Thursday, PHP.net was flagged by Google's Safe Browsing for malware. The warning, sparked debate among the development and security communities, as the initial reaction claimed Google triggered a false positive. However, additional research makes that claim seem unlikely.
By mid-morning on Thursday, Google's Safe Browsing initiative was flagging PHP.net, warning visitors that the site was malicious. The root cause appears to be a JavaScript file that had undergone several modifications over the last 24-hours.
The PHP Group has released PHP 5.4.3 and PHP 5.3.13 on Tuesday in order to address two remote code execution vulnerabilities, one of which is being actively exploited by hackers.
"The releases complete a fix for a vulnerability in CGI-based setups (CVE-2012-2311)," the PHP developers said in the release notes. Additionally, PHP 5.4.3 fixes a buffer overflow vulnerability, identified as CVE-2012-2329, in the apache_request_headers() function.
