Is IMP vulnerable to the PHP syslog() bug?

Chuck Hagenbuch chuck@horde.org
Thu, 26 Oct 2000 10:50:53 -0400 (EDT)


Quoting Samuli Karkkainen <skarkkai@woods.iki.fi>:

> I wonder if you feel you can say for certain if IMP is vulnerable due
> to the recent PHP bug with syslog() function? I took a look at IMP's
> sources and didn't notice suspicious-looking syslog() usage, but I'm
> not even remotely sure I had understood the issue correctly. It'd be
> very nice if it was not necessary to update PHP on my IMP installations
> because of this.

I just read through the vulnerability again, and from the description, this
_only_ affects cases where log_errors is turned on in php(3).ini. Use of php's
syslog() function is not problematic.

If someone has an alternate understanding, I'd be interested to hear it.

-chuck

--
Charles Hagenbuch, <chuck@horde.org>
Many states consider gambling so immoral that they not only prohibit private
gambling organizations, they thoughtfully provide their own.
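
Added example, not part of the original message: a shell check based on the reply's reading that exposure depends on log_errors being turned on in php(3).ini. It reports what a given ini file sets for that directive. The function name `log_errors_state`, the sample file contents, and the simplified boolean parsing (1/on/true/yes count as on) are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example: report the log_errors setting found in a php.ini / php3.ini file.
# Hypothetical helper; value parsing is a simplification of PHP ini booleans.

# log_errors_state FILE -> prints "on", "off", or "unset"
log_errors_state() {
    awk '
        BEGIN { state = "unset" }
        {
            line = $0
            sub(/;.*/, "", line)            # strip ini comments
            # match the directive name case-insensitively
            if (line !~ /^[ \t]*[Ll][Oo][Gg]_[Ee][Rr][Rr][Oo][Rr][Ss][ \t]*=/) next
            sub(/^[^=]*=/, "", line)        # keep only the value
            gsub(/[ \t\r"]/, "", line)      # drop whitespace and quotes
            v = tolower(line)
            # a later assignment overrides an earlier one
            if (v == "1" || v == "on" || v == "true" || v == "yes") state = "on"
            else state = "off"
        }
        END { print state }
    ' "$1"
}

# Demo on a constructed sample file (not taken from any real installation).
sample=$(mktemp)
cat > "$sample" <<'EOF'
; log_errors = Off
display_errors = On
Log_Errors = "On"   ; constructed sample line
EOF
echo "log_errors in sample: $(log_errors_state "$sample")"
rm -f "$sample"
```

A result of "unset" means the file does not assign the directive, so the build's default applies.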