#40746 [NEW]: PHP <= 4.4.6 mssql_connect() & mssql_pconnect() local buffer overflow

  1. #1

    Default #40746 [NEW]: PHP <= 4.4.6 mssql_connect() & mssql_pconnect() local buffer overflow

    From: youza at post dot cz
    Operating system: Windows
    PHP version: 4.4.6
    PHP Bug Type: MySQL related
    Bug description: PHP <= 4.4.6 mssql_connect() & mssql_pconnect() local buffer overflow

    Description:
    ------------
    PHP <= 4.4.6 mssql_connect() & mssql_pconnect() local buffer overflow and
    safe_mode bypass


    Reproduce code:
    ---------------
    See
    http://www.securityfocus.com/archive/1/462010/30/0/threaded
    or
    original url:
    http://retrogod.altervista.org/php_446_mssql_connect_bof.html


    --
    Edit bug report at http://bugs.php.net/?id=40746&edit=1
    --
    youza at post dot cz Guest

  3. #2

    Default #40746 [Opn->Asn]: PHP <= 4.4.6 mssql_connect() & mssql_pconnect() local buffer overflow

    ID: 40746
    Updated by: tony2001@php.net
    Reported By: youza at post dot cz
    -Status: Open
    +Status: Assigned
    -Bug Type: MySQL related
    +Bug Type: MSSQL related
    Operating System: Windows
    PHP Version: 4.4.6
    -Assigned To:
    +Assigned To: fmk


    Previous Comments:
    ------------------------------------------------------------------------

    [2007-03-07 09:45:54] youza at post dot cz

    Description:
    ------------
    PHP <= 4.4.6 mssql_connect() & mssql_pconnect() local buffer overflow
    and safe_mode bypass


    Reproduce code:
    ---------------
    See
    http://www.securityfocus.com/archive/1/462010/30/0/threaded
    or
    original url:
    http://retrogod.altervista.org/php_446_mssql_connect_bof.html



    ------------------------------------------------------------------------


    --
    Edit this bug report at http://bugs.php.net/?id=40746&edit=1
    tony2001@php.net Guest

  4. #3

    Default #40746 [Asn]: PHP <= 4.4.6 mssql_connect() & mssql_pconnect() local buffer overflow

    ID: 40746
    Updated by: fmk@php.net
    Reported By: youza at post dot cz
    Status: Assigned
    Bug Type: MSSQL related
    Operating System: Windows
    PHP Version: 4.4.6
    Assigned To: fmk
    New Comment:

    This is a problem with the dbopen() function in Microsoft's ntdblib
    library, and not a problem within the PHP extension.

    I'll add some length checks to the host parameter for mssql_connect()
    and mssql_pconnect() to prevent this from happening.

    The problem does not exist in php_dblib.dll (the same extension
    compiled with FreeTDS version of the dblib library).



    --
    Edit this bug report at http://bugs.php.net/?id=40746&edit=1
    fmk@php.net Guest
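
The length check on the host parameter described in the comment above, sketched as an added example in C (not code from the PHP source or from this thread). `HOST_MAX_LEN`, `check_host`, `guarded_connect` and the `legacy_open` stand-in for the library call are hypothetical names, and the 255-byte limit is an assumption, since the thread does not state the buffer size.

```c
#include <stddef.h>
#include <string.h>

/* Assumed limit: the thread does not state the size of the buffer inside
 * dbopen(); 255 is a placeholder chosen for this example. */
#define HOST_MAX_LEN 255

enum host_check { HOST_OK = 0, HOST_EMPTY, HOST_TOO_LONG, HOST_EMBEDDED_NUL };

/* Validate a script-supplied host string before it reaches a third-party
 * client library. `len` is the length the caller's runtime reports, which
 * can differ from strlen() when the string carries an embedded NUL. */
enum host_check check_host(const char *host, size_t len)
{
    if (host == NULL || len == 0)
        return HOST_EMPTY;
    if (len > HOST_MAX_LEN)
        return HOST_TOO_LONG;
    if (memchr(host, '\0', len) != NULL)
        return HOST_EMBEDDED_NUL;
    return HOST_OK;
}

/* Stand-in for the closed-source library call: it copies the server name
 * into a fixed buffer with no bounds check of its own. */
static int legacy_open(const char *server)
{
    char name[HOST_MAX_LEN + 1];
    strcpy(name, server);   /* in bounds only because the caller checked len */
    return name[0] != '\0';
}

/* Hypothetical wrapper: 1 on connect, 0 on library failure, -1 when the
 * host is rejected and the library is never called. */
int guarded_connect(const char *host, size_t len)
{
    if (check_host(host, len) != HOST_OK)
        return -1;
    return legacy_open(host);
}
```

The check sits in the caller because the library cannot be patched; rejecting the input before the call is the only place the extension controls.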
