
[cobalt-users] PHP is affected by a buffer overflow vulnerability



Hi,

Did anyone read this??? I think that we are all concerned, no? What about
a PHP 4.3.0 upgrade? Does someone have a working package, or do we have to
compile PHP?
Thanks
Jean

            - Buffer overflow vulnerability in a PHP function -
  Oxygen3 24h-365d, by Panda Software (http://www.pandasoftware.com)

Madrid, December 30, 2002 -- Securitytracker has reported (at
http://www.securitytracker.com/alerts/2002/Dec/1005863.html) that versions
of PHP later than 4.1.2, except for 4.3.0, are affected by a buffer overflow
vulnerability.

The vulnerability lies in the wordwrap() function, which automatically
aligns text. An attacker could remotely exploit this vulnerability in order
to cause the web server to crash. To do this, the malicious user would need
to insert text into an application that uses the wordwrap() function.

According to Securitytracker, this vulnerability could also be exploited to
run arbitrary code, although this type of attack is theoretically more
complicated.

Version 4.3.0, which has been released to fix this vulnerability, is
available at: http://www.php.net/downloads.php
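Added example (not from Jean's post or the Panda advisory): a small PHP script an
admin can drop on the server to report whether the running PHP falls in the range
the advisory lists, plus a bounded wrapper that caps the length of untrusted input
before it reaches wordwrap() until the 4.3.0 upgrade is in place. The function
names are my own; the version boundaries are taken from the advisory text, and
releases from 4.3.0 on are treated as fixed because the advisory names 4.3.0 as
the fixing release.

```php
<?php
// Added example, not code from the original post or from Panda Software.
// Version boundaries follow the advisory: affected if newer than 4.1.2 and
// older than 4.3.0 (4.3.0 is named as the fix, so it and later are treated
// as fixed). Function names are assumptions, not PHP or Cobalt APIs.

function php_wordwrap_advisory_applies($version)
{
    return version_compare($version, '4.1.2', '>')
        && version_compare($version, '4.3.0', '<');
}

// Defensive wrapper: refuse oversized text and malformed parameters before
// they reach wordwrap(). $max_len is a deployment choice, not an advisory value.
function bounded_wordwrap($text, $width = 75, $break = "\n", $cut = false, $max_len = 4096)
{
    if (!is_string($text) || strlen($text) > $max_len) {
        return false;
    }
    if ((int) $width < 1 || $break === '') {
        return false;
    }
    return wordwrap($text, (int) $width, $break, $cut);
}

// Self-check on constructed sample versions and strings (not advisory data).
$samples = array('4.1.2' => false, '4.2.3' => true, '4.3.0' => false);
foreach ($samples as $v => $expected) {
    assert(php_wordwrap_advisory_applies($v) === $expected);
}
assert(bounded_wordwrap(str_repeat('a', 5000)) === false);
assert(bounded_wordwrap('The quick brown fox', 10) === "The quick\nbrown fox");

if (php_wordwrap_advisory_applies(PHP_VERSION)) {
    echo "PHP " . PHP_VERSION . ": inside the range the advisory lists; upgrade to 4.3.0\n";
} else {
    echo "PHP " . PHP_VERSION . ": outside the range the advisory lists\n";
}
```

Run it with the CLI (`php check.php`) or from a web directory to see which range the box's interpreter reports.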