Home page logo

bugtraq logo Bugtraq mailing list archives

@(#)Mordred Labs advisory - PHP for Win32: buffer overflow in openlog() function
From: <sir.mordred () hushmail com>
Date: Thu, 27 Mar 2003 07:53:54 -0800

Hash: SHA1

//@(#) Mordred Security Labs advisory

Release date: March 27, 2003
Name: PHP for Windows - buffer overflow in openlog() function
Versions affected: all versions for Windows platforms
Risk: average
Author: Sir Mordred (mordred () s-mail com)

I. Description:

PHP is a widely-used general-purpose scripting language that is
especially suited for Web development and can be embedded into HTML.
Please visit http://www.php.net for more information about PHP.

II. Details:

There exists a classic stack overflow in the openlog() function and the
following short script will illustrate this vulnerability:

$ cat t1.php
    openlog(str_repeat("X", 1500), LOG_PID, LOG_DAEMON);

III. Platforms tested

Windows 200 with IIS 5.0 / PHP 4.3.1

III. Workaround

Not available at the time of writing.

IV. Vendor

PHP developers notified.

Version: Hush 2.2 (Java)
Note: This signature can be verified at https://www.hushtools.com/verify


Concerned about your privacy? Follow this link to get
FREE encrypted email: https://www.hushmail.com/?l=2 

Big $$$ to be made with the HushMail Affiliate Program: 

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]