FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2012-1172

This CVE name corresponds to:

Entered Topic
2012-04-28 php -- multiple vulnerabilities

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type Candidate
Name CVE-2012-1172
Phase Assigned(20120214)

Description

The file-upload implementation in rfc1867.c in PHP before 5.4.0 does not properly handle invalid [ (open square bracket) characters in name values, which makes it easier for remote attackers to cause a denial of service (malformed $_FILES indexes) or conduct directory traversal attacks during multi-file uploads by leveraging a script that lacks its own filename restrictions.

References

Source Reference
MLIST [oss-security] 20120313 Re: CVE request for PHP 5.3.x Corrupted $_FILES indices lead to security concern
MISC http://isisblogs.poly.edu/2011/08/11/php-not-properly-checking-params/
MISC https://bugs.php.net/bug.php?id=48597
MISC https://bugs.php.net/bug.php?id=49683
MISC https://nealpoole.com/blog/2011/10/directory-traversal-via-php-multi-file-uploads/
MISC https://students.mimuw.edu.pl/~ai292615/php_multipleupload_overwrite.pdf
CONFIRM http://svn.php.net/viewvc/php/php-src/branches/PHP_5_4/main/rfc1867.c?r1=321664&r2=321663&pathrev=321664
CONFIRM http://svn.php.net/viewvc?view=revision&revision=321664
CONFIRM http://www.php.net/ChangeLog-5.php#5.4.0
CONFIRM https://bugs.php.net/bug.php?id=54374
CONFIRM https://bugs.php.net/bug.php?id=55500
CONFIRM http://support.apple.com/kb/HT5501
APPLE APPLE-SA-2012-09-19-2
FEDORA FEDORA-2012-6869
FEDORA FEDORA-2012-6907
FEDORA FEDORA-2012-6911
HP HPSBUX02791
HP SSRT100856