ID:               16067
 Updated by:       [EMAIL PROTECTED]
 Reported By:      [EMAIL PROTECTED]
-Status:           Open
+Status:           Closed
 Bug Type:         Reproducible crash
 Operating System: FreeBSD 4.2, 4.4
 PHP Version:      4.1.2
 New Comment:

This problem is already addressed and crackers can only crash the web
server. (It's not good, though.)

We are in the release process for 4.2.0; we may not release 4.1.3 for this.


Previous Comments:
------------------------------------------------------------------------

[2002-03-14 09:33:50] [EMAIL PROTECTED]

Dear gentlemen,

On February 28 a notice appeared regarding the problem concerning
file uploads in PHP. The description of the problem can be found at
http://security.e-matters.de/advisories/012002.html

 "Release Date:   2002/02/27
  Author:         Stefan Esser [[EMAIL PROTECTED]]
  Application:    PHP v3.0.10-v3.0.18, v4.0.1-v4.1.1
  Severity:       Several vulnerabilities in PHP's fileupload code allow remote compromise
  Risk:           Critical
  Reference:      http://security.e-matters.de/advisories/012002.html
  Last Modified:  1002/02/28 "

We applied the patch that was made by the PHP developers and is
available at http://www.php.net/downloads.php

(http://www.php.net/do_download.php?download_file=rfc1867.c.diff-4.1.x.gz)
We applied the given patch to PHP 4.1.0 and supposed that we would no
longer encounter the problem described above.

An exploit appeared recently which, after having been applied to the
patched PHP 4.1.0 on FreeBSD (versions 4.2, 4.4), crashes the Apache
child process (segmentation fault).
(exploit text - http://packetstormsecurity.nl/0203-exploits/phpxpl.c)
I.e. the PHP patch officially released on February 28 doesn't
completely solve this problem.
We downloaded PHP version 4.1.2. The situation repeated on this PHP
version as well.

We have some questions in this regard:
- is a new PHP version release planned (4.1.3, for example) in which
there will be no such vulnerability?
- are there any patches planned for release for the available PHP
versions, to work around this vulnerability?

If such workarounds are planned, by what time should we expect them to
become available?

Thank you, 
Dmitry Zinin

------------------------------------------------------------------------


-- 
Edit this bug report at http://bugs.php.net/?id=16067&edit=1
