PHP error logging format string vulnerability

PHP error logging format string vulnerability

Published on 2004-03-27. Updated on 2007-03-20.

Description:

The vulnerability exists in the code that handles error logging and is present if error logging is enabled in the "php.ini" configuration file. When errors are encountered by PHP, a string containing data supplied by the user is passed as the format string argument (the log_message variable) to the php_syslog() function (which contains *printf functions).

Affected PHP versions (up to 3.0.16, 4.0.2).

Impact:
Allow remote attackers to execute arbitrary code.

Recommendation:
Upgrade PHP to the latest version.

Tags: Scripts

Alert Tags: configuration
ApplicableApplicationServer : PHP
ApplicableOS: All
ApplicableWebServer: All

References:

BID 1786

PHP Homepage

Go Back

• Product Information
• Download
• Product Tour
• Brochure (PDF)
• Pricing
• Testimonials
• Customer references
• Resell Acunetix
• Acunetix in the Press
• List of vulnerability checks

• Learn more
• SQL Injection
• Cross site scripting
• Web Security
• Directory Traversal
• Ajax Application Security
• Google Hacking