php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #40746 PHP <= 4.4.6 mssql_connect() & mssql_pconnect() local buffer overflow
Submitted: 2007-03-07 09:45 UTC Modified: 2008-07-11 21:23 UTC
Votes:1
Avg. Score:4.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:1 (100.0%)
Same OS:1 (100.0%)
From: youza at post dot cz Assigned: fmk (profile)
Status: Wont fix Package: MSSQL related
PHP Version: 4.4.6 OS: Windows
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
(description)
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: youza at post dot cz
New email:
PHP Version: OS:

 

 [2007-03-07 09:45 UTC] youza at post dot cz 
Description:
------------
PHP <= 4.4.6 mssql_connect() & mssql_pconnect() local buffer overflow and safe_mode bypass


Reproduce code:
---------------
See
http://www.securityfocus.com/archive/1/462010/30/0/threaded
or
original url: http://retrogod.altervista.org/php_446_mssql_connect_bof.html

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2007-03-07 17:37 UTC] fmk@php.net 
This is a problem with the dbopen() function in Microsofts ntdblib library, and not a problem within the PHP extension.

I'll add some length checks to the host parameter for mssql_connect() and mssql_pconnect() to prevent this from happening.

The problem does not exists in php_dblib.dll (the same extension compiled with FreeTDS version of the dblib library).
 [2008-07-11 21:23 UTC] jani@php.net 
We are sorry, but we can not support PHP 4 related problems anymore.
Momentum is gathering for PHP 6, and we think supporting PHP 4 will
lead to a waste of resources which we want to put into getting PHP 6
ready.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Wed Apr 24 15:01:30 2024 UTC