FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

php -- NULL byte poisoning

Affected packages
php5 < 5.3.4
php52 < 5.2.17_12

Details

VuXML ID 3761df02-0f9c-11e0-becc-0022156e8794
Discovery 2010-12-10
Entry 2011-01-13
Modified 2012-11-25

A PHP-specific version of NULL-byte poisoning was briefly described by ShAnKaR:

The poison NULL byte vulnerability for Perl CGI applications was described in [1]. ShAnKaR noted that the same vulnerability also affects different PHP applications.

PHP developers report that branch 5.3 received a fix:

Paths with NULL in them (foo\0bar.txt) are now considered as invalid (CVE-2006-7243).
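
Applications that must still run on a PHP build older than the fixed versions can enforce the same rule in their own code before a user-supplied name reaches a filesystem function. The following is an added example, not code from this advisory or from the PHP project; `resolve_user_file()`, the temporary directory and the sample names are hypothetical and constructed for illustration.

```php
<?php
// Added example; resolve_user_file() and all sample values are constructed.
// Written in PHP 5.2-compatible syntax so it can run on the affected branches.

function resolve_user_file($baseDir, $name, $suffix)
{
    // PHP strings are binary-safe, but the C filesystem calls underneath stop
    // at the first "\0": on an unpatched build the appended suffix is ignored.
    if (!is_string($name) || strpos($name, "\0") !== false) {
        return false;
    }
    // Allow-list the name so separators and ".." never reach the filesystem.
    if (!preg_match('/\A[A-Za-z0-9_-]{1,64}\z/', $name)) {
        return false;
    }
    $base = realpath($baseDir);
    if ($base === false) {
        return false;
    }
    // Resolve the final path and confirm it is still inside the base directory.
    $real = realpath($base . DIRECTORY_SEPARATOR . $name . $suffix);
    if ($real === false || strpos($real, $base . DIRECTORY_SEPARATOR) !== 0) {
        return false;
    }
    return $real;
}

// Constructed demonstration data in a temporary directory.
$dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'nulbyte_demo_' . getmypid();
mkdir($dir);
file_put_contents($dir . DIRECTORY_SEPARATOR . 'foo.txt', "sample\n");

$samples = array('foo', "foo\0bar", '../foo', 'missing');
foreach ($samples as $s) {
    $result = resolve_user_file($dir, $s, '.txt');
    printf("%-12s => %s\n", addcslashes($s, "\0"),
        $result === false ? 'rejected' : 'accepted');
}

unlink($dir . DIRECTORY_SEPARATOR . 'foo.txt');
rmdir($dir);
```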

References

CVE Name CVE-2006-7243
URL http://artofhacking.com/files/phrack/phrack55/P55-07.TXT
URL http://www.securityfocus.com/archive/1/archive/1/445788/100/0/threaded