VULHUB ™

FreeBSD Security Advisory FreeBSD-SA-00:75 - The mod_php ports, versions prior to 3.0.17 (mod_php3) and 4.0.3 (mod_php4), contain a potential vulnerability that may allow a malicious remote user to execute arbitrary code as the user running the web server, typically user 'nobody'. The vulnerability is due to a format string vulnerability in the error logging routines. A web server is vulnerable if error logging is enabled in php.ini. Additionally, individual php scripts may cause the web server to be vulnerable if the script uses the syslog() php function regardless of error logging in php.ini.

FreeBSD Security Advisory FreeBSD-SA-00:75 - The mod_php ports, versions prior to 3.0.17 (mod_php3) and 4.0.3 (mod_php4), contain a potential vulnerability that may allow a malicious remote user to execute arbitrary code as the user running the web server, typically user 'nobody'. The vulnerability is due to a format string vulnerability in the error logging routines. A web server is vulnerable if error logging is enabled in php.ini. Additionally, individual php scripts may cause the web server to be vulnerable if the script uses the syslog() php function regardless of error logging in php.ini.