87322 2002-12-27 23:11 /44 lines/ David F. Skoll <dfs@roaringpenguin.com>
Imported: 2002-12-27 23:11 by Brevbäraren
External recipient: bugtraq@securityfocus.com
Recipient: Bugtraq (import) <2889>
Subject: Buffer overflow in PHP "wordwrap" function
------------------------------------------------------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

There is a buffer overflow in PHP's built-in "wordwrap" function for
PHP versions greater than 4.1.2 and less than 4.3.0. Please see
http://bugs.php.net/bug.php?id=20927 for details.

If you use the wordwrap() function on user-supplied input, a
specially-crafted input can overflow the allocated buffer and
overwrite the heap. Exploit looks very difficult, but still
theoretically possible.

Status:

Bug cause discovered: 10 Dec 2002
PHP team notified:    10 Dec 2002
Bug fixed in CVS:     12 Dec 2002
PHP 4.3.0 released:   27 Dec 2002

Kudos to the PHP team for their extremely rapid reaction.

Recommendations:

Don't upgrade from 4.1.2 if you are certain there are no security
problems with your 4.1.2 setup and you may be vulnerable to the
wordwrap() bug. Otherwise, upgrade to 4.3.0

- --
David F. Skoll
Roaring Penguin Software Inc. | http://www.roaringpenguin.com
GPG fingerprint: 58BB 6D86 6F6F 84D0 2C89 59D1 CD1C CAEE 1362 4131
GPG public key: http://www.roaringpenguin.com/dskoll-key-2003.txt ID: 13624131

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://quantumlab.net/pine_privacy_guard/

iD8DBQE+DMmUzRzK7hNiQTERAngfAKCAz0vUMBS4o+ZMLExpE6Q+ABcKdgCdHVpD
24SOO2IcJ1VPotswMfOQa58=
=DX/n
-----END PGP SIGNATURE-----
(87322) /David F. Skoll <dfs@roaringpenguin.com>/(Reflowed)