Remote Overflow Found In PHP Parser

By N-Stalker Team on July 22, 2002

A serious vulnerability has been discovered in versions 4.2.0 and 4.2.1 of PHP, a popular scripting language that is used to power millions of web sites. The parser that handles the headers of HTTP POST requests has a buffer overflow which can be exploited remotely or locally for privileged system access, even through a firewall. The PHP group has issued an advisory which has more details and a workaround. Version 4.2.2, which incorporates a fix for the vulnerability, has also been released in source code and binary form.

Update: CERT has issued advisory CA-2002-21 for this bug, including comprehensive vendor-specific information.
