CVE-2011-2202

Publication date 16 June 2011

Last updated 24 July 2024

Ubuntu priority

The rfc1867_post_handler function in main/rfc1867.c in PHP before 5.3.7 does not properly restrict filenames in multipart/form-data POST requests, which allows remote attackers to conduct absolute path traversal attacks, and possibly create or overwrite arbitrary files, via a crafted upload request, related to a "file path injection vulnerability."

Read the notes from the security team

Status

Show unmaintained releases

Package	Ubuntu Release	Status
php5	11.10 oneiric	Not affected
	11.04 natty	Fixed 5.3.5-1ubuntu7.3
	10.10 maverick	Fixed 5.3.3-1ubuntu9.6
	10.04 LTS lucid	Fixed 5.3.2-1ubuntu4.10
	8.04 LTS hardy	Fixed 5.2.4-2ubuntu5.18

Notes

mdeslaur

PoC: http://pastebin.com/1edSuSVN

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package	Patch details
php5	Upstream: http://svn.php.net/viewvc?view=revision&revision=312103 Debdiff: https://launchpad.net/bugs/813115

References

Related Ubuntu Security Notices (USN)