Over the past few weeks, I've been trying to get PCI compliance through Trustwave's vulnerability scanner. We're using Magento that's running on CentOS. Here's the issue we have:
The version of PHP running on this host is prone to a stack-based buffer overflow in the socket_connect function in ext/sockets/sockets.c which could allow context-dependent attackers to execute arbitrary code via a long pathname for a UNIX socket.
This vulnerability has been addressed in a soon to be released version of PHP, however, backported fixes to this issue may exist. Your vendor should be contacted to determine if a solution is currently present.
Alternatively, removing the use of the socket_connect function from all PHP applications will also mitigate this issue.
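To judge whether the scanner's alternative mitigation is even relevant to a given install, one way to inventory direct `socket_connect()` calls in the PHP code on the host. This is an added example, not part of the original post or of Trustwave's report; the names `audit` and `_keep_strings` and the list of file extensions are assumptions.

```python
import os
import re
import sys

# PHP strings and comments. Strings are matched only so that comment markers
# inside them (e.g. 'http://host') are not mistaken for comments.
TOKEN = re.compile(
    r"""'(?:\\.|[^'\\])*'|"(?:\\.|[^"\\])*"|/\*.*?\*/|//[^\n]*|#[^\n]*""",
    re.DOTALL,
)
# Direct calls only. PHP function names are case-insensitive. The lookbehind
# skips $obj->socket_connect(), Cls::socket_connect(), $socket_connect() and
# longer identifiers such as my_socket_connect().
CALL = re.compile(r"(?<![\w>:$])socket_connect\s*\(", re.IGNORECASE)
PHP_EXT = (".php", ".phtml", ".inc")  # assumed set of extensions to scan


def _keep_strings(match):
    text = match.group(0)
    if text[0] in "'\"":
        return text  # strings stay, so any mistake here over-reports
    return "\n" * text.count("\n")  # blank comments, keep line numbering


def audit(root):
    """Return sorted (relative path, line, file mentions AF_UNIX) per call."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(PHP_EXT):
                continue
            path = os.path.join(dirpath, name)
            with open(path, encoding="utf-8", errors="replace") as fh:
                code = TOKEN.sub(_keep_strings, fh.read())
            # The finding concerns UNIX socket pathnames, so flag AF_UNIX use.
            af_unix = "AF_UNIX" in code
            for m in CALL.finditer(code):
                line = code.count("\n", 0, m.start()) + 1
                hits.append((os.path.relpath(path, root), line, af_unix))
    return sorted(hits)


if __name__ == "__main__":
    for rel, line, af_unix in audit(sys.argv[1] if len(sys.argv) > 1 else "."):
        note = "file uses AF_UNIX" if af_unix else "no AF_UNIX in file"
        print(f"{rel}:{line}: socket_connect() call ({note})")
```

An empty result only covers direct calls in the scanned tree; indirect calls such as `call_user_func('socket_connect', ...)` are not detected.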