PHP Error Logging Format String Vulnerability

Bugtraq ID: 1786
Class: Input Validation Error
CVE:
Remote: Yes
Local: No
Published: Oct 12 2000 12:00AM
Updated: Oct 12 2000 12:00AM
Credit: Discovered by and first posted to Bugtraq by Jouko Pynnönen <jouko@solutions.fi> on Oct 12, 2000. It was also discovered by @stake independently and published in an advisory (linked to below) posted to Bugtraq on Oct 12, 2000.
Vulnerable: PHP PHP 4.0 0
PHP PHP 3.0 0
Not Vulnerable: PHP PHP 4.0.3
+ Debian Linux 2.2 sparc
+ Debian Linux 2.2 powerpc
+ Debian Linux 2.2 IA-32
+ Debian Linux 2.2 arm
+ Debian Linux 2.2 alpha
+ Debian Linux 2.2 68k
+ Debian Linux 2.2
+ Sun Cobalt Control Station 4100CS
+ Sun Cobalt Qube3 Japanese 4000WGJ
+ Sun Cobalt Qube3 Japanese w/ Caching and RAID 4100WGJ
+ Sun Cobalt Qube3 Japanese w/Caching 4010WGJ
+ Sun Cobalt RaQ XTR 3500R
+ Sun Cobalt RaQ XTR Japanese 3500R-ja


 

Privacy Statement
Copyright 2010, SecurityFocus