CVE-2000-0059

Name of the Vulnerable Software and Affected Versions PHP versions 3.0.X

Description The issue concerns several problems in PHP. One problem is related to the handling of shell metacharacters in commands executed by popen when safe mode is enabled, which could allow remote attackers to execute commands. Additionally, there are issues with bounds checking in functions related to form-based file uploads, which could lead to buffer overruns and execution of arbitrary instructions. There is also a vulnerability in the error logging code when error logging is enabled, allowing malicious users to craft strings that can overwrite stack variables and gain remote access. Furthermore, PHP's handling of uploads can be manipulated to open arbitrary files on the server, potentially allowing remote users to read any file readable by the server's privilege level.

Recommendations For PHP version 3.0.X, consider disabling the use of popen and restrict access to sensitive files on the server to minimize the risk of exploitation. As a temporary workaround, consider disabling error logging until a patch is available. Restrict access to the upload functionality to prevent manipulation into opening arbitrary files. At the moment, there is no information about a newer version that contains a fix for this vulnerability.