FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2011-2202

This CVE name corresponds to:

Entered: 2011-08-20
Topic: php -- multiple vulnerabilities

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type: Candidate
Name: CVE-2011-2202
Phase: Assigned (20110531)

Description

The rfc1867_post_handler function in main/rfc1867.c in PHP before 5.3.7 does not properly restrict filenames in multipart/form-data POST requests, which allows remote attackers to conduct absolute path traversal attacks, and possibly create or overwrite arbitrary files, via a crafted upload request, related to a "file path injection vulnerability."

References

Source Reference
MLIST [oss-security] 20110612 CVE Request: PHP File upload filename
MLIST [oss-security] 20110613 Re: CVE Request: PHP File upload filename
MISC http://pastebin.com/1edSuSVN
CONFIRM http://bugs.php.net/bug.php?id=54939
CONFIRM http://svn.php.net/viewvc/php/php-src/branches/PHP_5_3/NEWS?view=markup&pathrev=312103
CONFIRM http://svn.php.net/viewvc/php/php-src/branches/PHP_5_3/main/rfc1867.c?r1=312103&r2=312102&pathrev=312103
CONFIRM http://svn.php.net/viewvc?view=revision&revision=312103
CONFIRM http://www.php.net/ChangeLog-5.php#5.3.7
CONFIRM http://www.php.net/archive/2011.php#id2011-08-18-1
CONFIRM http://support.apple.com/kb/HT5130
APPLE APPLE-SA-2012-02-01-1
DEBIAN DSA-2266
MANDRIVA MDVSA-2011:165
REDHAT RHSA-2011:1423
REDHAT RHSA-2012:0071
BID 48259
BID 49241
SECTRACK 1025659
SECUNIA 44874
XF php-sapiposthandlerfunc-sec-bypass(67999)