Is IMP vulnerable to the PHP syslog() bug?
Chuck Hagenbuch
chuck@horde.org
Thu, 26 Oct 2000 10:50:53 -0400 (EDT)
Quoting Samuli Karkkainen <skarkkai@woods.iki.fi>:
> I wonder if you feel you can say for certain if IMP is vulnerable due
> to the recent PHP bug with syslog() function? I took a look at IMP's
> sources and didn't notice suspicious-looking syslog() usage, but I'm
> not even remotely sure I had understood the issue correctly. It'd be
> very nice if it was not necessary to update PHP on my IMP installations
> because of this.
I just read through the vulnerability again, and from the description, this
_only_ affects cases where log_errors is turned on in php(3).ini. Use of php's
syslog() function is not problematic.
If someone has an alternate understanding, I'd be interested to hear it.
-chuck
--
Charles Hagenbuch, <chuck@horde.org>
Many states consider gambling so immoral that they not only prohibit private
gambling organizations, they thoughtfully provide their own.