[转载]PHP openlog()缓冲区溢出漏洞
信息来源:[url]www.securiteam.com[/url]Summary
PHP openlog() function has been found to be prone to a buffer overflow. Passing an overly long size to the function, caused it to overwrite arbitrary memory, resulting in a denial of service. This overflow can be futher extended to cause the program to execute arbitrary code. The exploit code found below can be used to test your system for the mentioned vulnerability.
Details
Vulnerable Systems:
* PHP version 4.3.1 up to version 4.3.7
* PHP version 5.0 candidate 1
CVE Information:
CAN-2003-0172
Exploit:
[url]http://www.eviloctal.com/forum/read.php?tid=6201[/url]
页:
[1]