{"id":9185,"date":"2017-01-04T09:41:00","date_gmt":"2017-01-04T07:41:00","guid":{"rendered":"https:\/\/ihs.com.tr\/blog\/?p=9185"},"modified":"2017-01-04T09:41:00","modified_gmt":"2017-01-04T07:41:00","slug":"php-7-sunuculari-etkileyen-bir-acik-tespit-edildi","status":"publish","type":"post","link":"https:\/\/www.ihs.com.tr\/blog\/php-7-sunuculari-etkileyen-bir-acik-tespit-edildi\/","title":{"rendered":"A Vulnerability Affecting PHP 7 Servers Has Been Discovered"},"content":{"rendered":"<p><span style=\"font-size: 14pt;\">PHP 7, the latest version of the PHP programming language, suffers from a vulnerability that leaves servers running it open to attack.<\/span><\/p>\n<p><span style=\"font-size: 14pt;\">As it stands, this vulnerability is part of a trio of bugs revealed during a presentation given by Check Point researcher Yannay Livneh at the 33rd Chaos Communication Congress, held this year.<\/span><\/p>\n<p><strong><span style=\"font-size: 14pt;\">The vulnerabilities affect PHP 7\u2019s deserialization mechanism<\/span><\/strong><\/p>\n<p><span style=\"font-size: 14pt;\">All 3 bugs affect PHP\u2019s deserialization mechanism. 
This mechanism can be described as the process of converting a byte stream back into a PHP object.<\/span><\/p>\n<p><span style=\"font-size: 14pt;\">The CVE identifiers for these 3 bugs are CVE-2016-7478, CVE-2016-7479 and CVE-2016-7480.<\/span><\/p>\n<p><span style=\"font-size: 14pt;\">According to the technical report published by Livneh, the first vulnerability is a DoS issue, but it can be exploited remotely and used to make PHP 7 servers consume excessive memory, hang the website, or even shut down server processes.<\/span><\/p>\n<p><span style=\"font-size: 14pt;\">The other two are RCE vulnerabilities that allow an attacker to run malicious code on the server. In some scenarios this can let the attacker take over the entire server.<\/span><\/p>\n<p><img decoding=\"async\" class=\"alignnone wp-image-9186 size-medium\" src=\"https:\/\/www.ihs.com.tr\/blog\/wp-content\/uploads\/2017\/01\/PHP-7-a\u00e7\u0131\u011f\u0131-300x176.jpg\" alt=\"PHP 7 a\u00e7\u0131\u011f\u0131\" width=\"300\" height=\"176\" srcset=\"https:\/\/www.ihs.com.tr\/blog\/wp-content\/uploads\/2017\/01\/PHP-7-a\u00e7\u0131\u011f\u0131-300x176.jpg 300w, https:\/\/www.ihs.com.tr\/blog\/wp-content\/uploads\/2017\/01\/PHP-7-a\u00e7\u0131\u011f\u0131-585x344.jpg 585w, https:\/\/www.ihs.com.tr\/blog\/wp-content\/uploads\/2017\/01\/PHP-7-a\u00e7\u0131\u011f\u0131.jpg 680w\" sizes=\"(max-width: 300px) 100vw, 300px\" \/><\/p>\n<p><strong><span style=\"font-size: 14pt;\">One of the vulnerabilities is still present<\/span><\/strong><\/p>\n<p><span style=\"font-size: 14pt;\">Livneh says he reported these issues to the PHP team 
in August and September of this year. The PHP team released PHP 7.0.12 with a bug fix on October 13, and PHP 7.1.0 on December 1.<\/span><\/p>\n<p><span style=\"font-size: 14pt;\">At the time of writing, the PHP team has managed to close only 2 of the 3 vulnerabilities. Asked about the status of the last vulnerability, Stanislav Malyshev of the PHP team replied that \u201cthe PHP team does not have special release dates for individual bugs.\u201d<\/span><\/p>\n<p><span style=\"font-size: 14pt;\">Malyshev says the following on the subject: \u201cPHP releases are made every 4 weeks. January 5 had been set for the next release. When the patch created to fix a particular vulnerability is ready, it is released on the next scheduled date.\u201d<\/span><\/p>\n<p><span style=\"font-size: 14pt;\">Livneh says the 3 vulnerabilities covered in this story can be exploited using a technique he described in detail in August. For now, no information has been shared about which of the 3 vulnerabilities remains unpatched.<\/span><\/p>\n<p><strong><span style=\"font-size: 14pt;\">Serialization\/deserialization problems never seem to end<\/span><\/strong><\/p>\n<p><span style=\"font-size: 14pt;\">The serialization\/deserialization mechanism (converting data objects into bytes in memory, or vice versa) was a serious problem for earlier versions of PHP as well. 
The same problem appears to apply to PHP 7 too.<\/span><\/p>\n<p><span style=\"font-size: 14pt;\">Researchers recently showed that some sites could be hacked thanks to a vulnerability in the PHP serialization mechanism.<\/span><\/p>\n<p><span style=\"font-size: 14pt;\">Similarly, problems in deserialization also affect Java applications. In the past year, a serious software vulnerability led to security breaches in some PayPal services.<\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>PHP 7, the latest version of the PHP programming language, suffers from a vulnerability that leaves servers running it open to attack. As it stands, this vulnerability&hellip;<\/p>\n","protected":false},"author":3,"featured_media":9187,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-9185","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-haberler"],"amp_enabled":true,"_links":{"self":[{"href":"https:\/\/www.ihs.com.tr\/blog\/wp-json\/wp\/v2\/posts\/9185","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.ihs.com.tr\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.ihs.com.tr\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.ihs.com.tr\/blog\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/www.ihs.com.tr\/blog\/wp-json\/wp\/v2\/comments?post=9185"}],"version-history":[{"count":3,"href":"https:\/\/www.ihs.com.tr\/blog\/wp-json\/wp\/v2\/posts\/9185\/revisions"}],"predecessor-version":[{"id":9190,"href":"https:\/\/www.ihs.com.tr\/blog\/wp-
json\/wp\/v2\/posts\/9185\/revisions\/9190"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.ihs.com.tr\/blog\/wp-json\/wp\/v2\/media\/9187"}],"wp:attachment":[{"href":"https:\/\/www.ihs.com.tr\/blog\/wp-json\/wp\/v2\/media?parent=9185"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.ihs.com.tr\/blog\/wp-json\/wp\/v2\/categories?post=9185"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.ihs.com.tr\/blog\/wp-json\/wp\/v2\/tags?post=9185"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}