Home page logo
/

bugtraq logo Bugtraq mailing list archives

@(#)Mordred Labs advisory - PHP for Win32: buffer overflow in openlog() function
From: <sir.mordred () hushmail com>
Date: Thu, 27 Mar 2003 07:53:54 -0800


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

//@(#) Mordred Security Labs advisory

Release date: March 27, 2003
Name: PHP for Windows - buffer overflow in openlog() function
Versions affected: all versions for Windows platforms
Risk: average
Author: Sir Mordred (mordred () s-mail com)

I. Description:

PHP is a widely-used general-purpose scripting language that is
especially suited for Web development and can be embedded into HTML.
Please visit http://www.php.net for more information about PHP.

II. Details:

There exists a classic stack overflow in the openlog() function and the
following short script will illustrate this vulnerability:

$ cat t1.php
<?php
    openlog(str_repeat("X", 1500), LOG_PID, LOG_DAEMON);
?>

III. Platforms tested

Windows 200 with IIS 5.0 / PHP 4.3.1

III. Workaround

Not available at the time of writing.

IV. Vendor

PHP developers notified.


-----BEGIN PGP SIGNATURE-----
Version: Hush 2.2 (Java)
Note: This signature can be verified at https://www.hushtools.com/verify

wmAEARECACAFAj6DH5sZHHNpci5tb3JkcmVkQGh1c2htYWlsLmNvbQAKCRAOkXvN4BZr
fN4fAJ9EhQBM1k8JukU4JjZ6VTVVi5k/IwCeO8GoK/V4zuG7HbAgXkb2CNlXelg=
=t5SO
-----END PGP SIGNATURE-----




Concerned about your privacy? Follow this link to get
FREE encrypted email: https://www.hushmail.com/?l=2 

Big $$$ to be made with the HushMail Affiliate Program: 
https://www.hushmail.com/about.php?subloc=affiliate&l=427


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]