From: [EMAIL PROTECTED] Operating system: all PHP version: 4.0 Latest CVS (04/04/2001) PHP Bug Type: Unknown/Other Function Bug description: potential Bufferoverflow in extensions based on skeleton... When i was looking through the CVS version of php, i discovered the following piece of code in skeleton.c ---snip--- PHP_FUNCTION(confirm_extname_compiled) { zval **arg; int len; char string[256]; ... ... ... len = sprintf(string, "Congratulations, you have successfully modified .... t/extname/config.m4, module %s is compiled into PHP", Z_STRVAL_PP(arg)); ---snap--- of course the sprintf could be used to perform a standart bufferoverflow. It should be better changed into ... %.50s ... or similiar to do not create a potential vulnerability. As far as i can see ircg and cybermut sources still have the compile confirmation in them... ciao, Stefan Esser -- Edit Bug report at: http://bugs.php.net/?id=10167&edit=1 -- PHP Development Mailing List <http://www.php.net/> To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]