php -- vulnerability in RFC 1867 file upload processing

Description:

Stefano Di Paola discovered an issue with PHP that could allow someone to upload a file to any directory writeable by the httpd process. Any sanitizing performed on the prepended directory path is ignored. This bug can only be triggered if the $_FILES element name contains an underscore.

References:

List post: <http://marc.theaimsgroup.com/?l=bugtraq&m=109534848430404>(search)
List post: <http://marc.theaimsgroup.com/?l=bugtraq&m=109648426331965>(search)

Affects:

php4 <=4.3.8_2
php4-cgi <=4.3.8_2
mod_php4 <=4.3.8_2,1
php5 <=5.0.1
php5-cgi <=5.0.1
mod_php5 <=5.0.1,1

portaudit: php -- vulnerability in RFC 1867 file upload processing

Disclaimer: The data contained on this page is derived from the VuXML document, please refer to the the original document for copyright information. The author of portaudit makes no claim of authorship or ownership of any of the information contained herein.

If you have found a vulnerability in a FreeBSD port not listed in the database, please contact the FreeBSD Security Officer. Refer to "FreeBSD Security Information" for more information.

Oliver Eikemeier <eik@FreeBSD.org>