Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 10.0
CVE Id: CVE-2000-0967
Last Modified: 05 Sep 2008 04:22:18
Published: 19 Dec 2000 12:00:00
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

Summary

PHP 3 and 4 do not properly cleanse user-injected format strings, which allows remote attackers to execute arbitrary commands by triggering error messages that are improperly written to the error logs.

Vulnerable Systems

Application

  • PHP 3.0
  • PHP 4.0


References

XF - php-logging-format-string

BID - 1786

REDHAT - RHSA-2000:095

REDHAT - RHSA-2000:088

MANDRAKE - MDKSA-2000:062

CALDERA - CSSA-2000-037.0

ATSTAKE - A101200-1

BUGTRAQ - 20001012 Conectiva Linux Security Announcement - mod_php3

FREEBSD - FreeBSD-SA-00:75


Last Updated: 27 May 2016 10:35:57