Buffer overflow in PHP "wordwrap" function
From: David F. Skoll (dfs@roaringpenguin.com)
Date: 12/27/02
- Previous message: secure@conectiva.com.br: "[CLA-2002:557] Conectiva Linux Security Announcement - cyrus-imapd"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 27 Dec 2002 16:43:44 -0500 (EST) From: "David F. Skoll" <dfs@roaringpenguin.com> To: bugtraq@securityfocus.com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
There is a buffer overflow in PHP's built-in "wordwrap" function
for PHP versions greater than 4.1.2 and less than 4.3.0.
Please see http://bugs.php.net/bug.php?id=20927 for details.
If you use the wordwrap() function on user-supplied input, a
specially-crafted input can overflow the allocated buffer and
overwrite the heap. Exploit looks very difficult, but still
theoretically possible.
Status:
Bug cause discovered: 10 Dec 2002
PHP team notified: 10 Dec 2002
Bug fixed in CVS: 12 Dec 2002
PHP 4.3.0 released: 27 Dec 2002
Kudos to the PHP team for their extremely rapid reaction.
Recommendations:
Don't upgrade from 4.1.2 if you are certain there are no security problems
with your 4.1.2 setup and you may be vulnerable to the wordwrap() bug.
Otherwise, upgrade to 4.3.0
- --
David F. Skoll
Roaring Penguin Software Inc. | http://www.roaringpenguin.com
GPG fingerprint: 58BB 6D86 6F6F 84D0 2C89 59D1 CD1C CAEE 1362 4131
GPG public key: http://www.roaringpenguin.com/dskoll-key-2003.txt ID: 13624131
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://quantumlab.net/pine_privacy_guard/
iD8DBQE+DMmUzRzK7hNiQTERAngfAKCAz0vUMBS4o+ZMLExpE6Q+ABcKdgCdHVpD
24SOO2IcJ1VPotswMfOQa58=
=DX/n
-----END PGP SIGNATURE-----
- Next message: Daniel Ahlberg: "GLSA: cyrus-sasl"
- Previous message: secure@conectiva.com.br: "[CLA-2002:557] Conectiva Linux Security Announcement - cyrus-imapd"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
