Test ID:	1.3.6.1.4.1.25623.1.0.51839
Category:	CGI abuses
Title:	PHP Error Logging Format String Vulnerability
Summary:	NOSUMMARY
Description:	Description: The remote host is running a version of PHP older than 3.0.17 or 4.0.3. If 'log_errors' is enabled in php.ini, a user may force abitrary data to be sent to php_syslog(), which in turn when processed by *printf functions, can result in a stack overwrite and execution of abitrary code. Solution : Upgrade to PHP 3.0.17 or 4.0.3 or later, or make sure that 'log_errors' is set to 'Off'. Risk factor : Critical CVSS Score: 10.0
Cross-Ref:	BugTraq ID: 1786 Common Vulnerability Exposure (CVE) ID: CVE-2000-0967 @stake Security Advisory: A101200-1 http://www.atstake.com/research/advisories/2000/a101200-1.txt http://www.securityfocus.com/bid/1786 Bugtraq: 20001012 Conectiva Linux Security Announcement - mod_php3 (Google Search) http://archives.neohapsis.com/archives/bugtraq/2000-10/0204.html Caldera Security Advisory: CSSA-2000-037.0 http://www.calderasystems.com/support/security/advisories/CSSA-2000-037.0.txt Debian Security Information: 20001014a (Google Search) Debian Security Information: 20001014b (Google Search) FreeBSD Security Advisory: FreeBSD-SA-00:75 ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:75.php.asc http://www.linux-mandrake.com/en/security/MDKSA-2000-062.php3?dis=7.1 http://www.redhat.com/support/errata/RHSA-2000-088.html http://www.redhat.com/support/errata/RHSA-2000-095.html XForce ISS Database: php-logging-format-string(5359) https://exchange.xforce.ibmcloud.com/vulnerabilities/5359
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.