Bug #16067 vulnerabilities in PHP's file upload code - still uncovered in 4.1.2
Submitted: 2002-03-14 09:33 UTC
Modified: 2002-03-19 05:13 UTC
Votes:1
Avg. Score:5.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:1 (100.0%)
Same OS:1 (100.0%)
From: zinin at mail dot biysk dot ru
Assigned:
Status: Closed
Package: Reproducible crash
PHP Version: 4.1.2
OS: FreeBSD 4.2, 4.4
Private report: No
CVE-ID: None

 

 [2002-03-14 09:33 UTC] zinin at mail dot biysk dot ru
Dear gentlemen,

On February 28 a notice appeared regarding a problem concerning file uploads in PHP. The description of the problem can be found at http://security.e-matters.de/advisories/012002.html

 "Release Date:   2002/02/27
  Author:         Stefan Esser [s.esser@ematters.de]
  Application:    PHP v3.0.10-v3.0.18, v4.0.1-v4.1.1
  Severity:       Several vulnerabilities in PHP's fileupload code allow remote compromise
  Risk:           Critical
  Reference:      http://security.e-matters.de/advisories/012002.html
  Last Modified:  1002/02/28 "

We applied the patch that was made by the PHP developers and is available at http://www.php.net/downloads.php
 (http://www.php.net/do_download.php?download_file=rfc1867.c.diff-4.1.x.gz)
We applied the given patch to PHP 4.1.0 and supposed that we would no longer encounter the problem described above.

An exploit appeared recently which, when applied to the patched PHP 4.1.0 on FreeBSD (versions 4.2, 4.4), crashes the Apache child (segmentation fault).
(exploit text - http://packetstormsecurity.nl/0203-exploits/phpxpl.c)
I.e. the PHP patch officially released on February 28 doesn't fully solve this problem.
We downloaded PHP version 4.1.2. The situation repeated on this PHP version as well.

We have some questions in this regard:
- Is a new PHP version release planned (4.1.3, for example) in which there will be no such vulnerability?
- Are there any patches planned for release for the available PHP versions, to work around this vulnerability?

If such workarounds are planned - by what time should we expect them to become available?

Thank you, 
Dmitry Zinin

 [2002-03-19 05:13 UTC] yohgaki@php.net
This problem is already addressed and crackers can only crash the web server. (It's not good, though.)

We are in the release process for 4.2.0; we may not release 4.1.3 for this.
 