PHP openlog() Function Remote Overflow

2003-03-27T00:00:00
ID OSVDB:2113
Type osvdb
Reporter Sir Mordred(sir.mordred@hushmail.com)
Modified 2003-03-27T00:00:00

Description

Vulnerability Description

A remote overflow exists in PHP. The openlog() function fails to perform proper bounds checking resulting in a buffer overflow. With a specially crafted request, a remote attacker can cause arbitrary code execution resulting in a loss of integrity.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Short Description

A remote overflow exists in PHP. The openlog() function fails to perform proper bounds checking resulting in a buffer overflow. With a specially crafted request, a remote attacker can cause arbitrary code execution resulting in a loss of integrity.

References:

Vendor URL: http://www.php.net/ Other Advisory URL: http://archives.neohapsis.com/archives/bugtraq/2003-03/0408.html ISS X-Force ID: 11637 Generic Exploit URL: http://beyonce.beyondsecurity.com/exploits/6P00M2AC0Q.html CVE-2003-0172 Bugtraq ID: 7210