| PHP: buffer overflow in openlog() function
Author : Sir Mordred The Traitor <email@example.com>
//@(#) Mordred Security Labs advisory
Release date: March 27, 2003
Name: PHP for Windows - buffer overflow in openlog() function
Versions affected: all versions for Windows platforms
Author: Sir Mordred (firstname.lastname@example.org)
PHP is a widely-used general-purpose scripting language that is
especially suited for Web development and can be embedded into HTML.
Please visit http://www.php.net for more information about PHP.
There exists a classic stack overflow in the openlog() function and the
following short script will illustrate this vulnerability:
$ cat t1.php
openlog(str_repeat("X", 1500), LOG_PID, LOG_DAEMON);
III. Platforms tested
Windows 200 with IIS 5.0 / PHP 4.3.1
Not available at the time of writing.
PHP developers notified.