• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

PHP MySQL_Connect Remote Buffer Overflow Vulnerability

PHP is prone to a remote buffer overflow vulnerability.

An attacker can exploit this issue to execute arbitrary machine code in the context of the affected Web server. Failed exploit attempts will likely result in crashing the Web server, denying service to legitimate users.

It should be noted that arguments to the 'mysql_connect' function are not usually accessible for modification by remote attackers. This may limit the possible exploitation to legitimate users and administrators in a shared hosting environment.

PHP for Microsoft Windows versions 4.3.10, 4.4.0, and 4.4.1 are vulnerable; other versions may also be affected.