[prev in list] [next in list] [prev in thread] [next in thread]
List: bugtraq
Subject: Php Vulnerability N. 2
From: Stefano Di Paola <stefano.dipaola () wisec ! it>
Date: 2004-09-15 17:07:37
Message-ID: 1095268057.2818.20.camel () localhost
[Download message RAW]
Let's go for the second one:
=========================================
Title: Overwrite $_FILE array in rfc1867 - Mime multipart/form-data
File
Upload
Affected: Php <= 5.0.1
Not Affected: it seems none
Vulnerability Type: Possible write of a downloaded file in an
arbitrary
location.
Vendor Status: Vendor has released a fix on cvs.php.net
==Summary:
Bad array parsing in rfc1867.c could lead to overwrite $_FILES array
elements.
==Description:
I don't know if releasing a POC for this vuln is a good thing because
php is used widely in the net...
so if you are interested feel free to contact me.
==Solution:
Authors where contacted and they have released the patch
that can be found on the CVS
cvs.php.net
=================================================
Regards,
Stefano
-..----=oOOo=----=oOOo=---------
Stefano Di Paola
Software Engineer
stefano.dipaola_at_wisec_dot_it
stefano.dipaola1_at_tin_dot_it
-------------------------------
[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Donate | Add a list | Sponsors: 10East,
KoreLogic, Terra-International, Chakpak.com
--~--~---------~--~----~------------~-------~--~----~
要向邮件组发送邮件,请发到 [email protected]
要退订此邮件,请发邮件至 [email protected]
-~----------~----~----~----~------~----~------~--~---
