1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
|
PublicDateAtUSN: 2015-03-30
Candidate: CVE-2015-2348
PublicDate: 2015-03-30
References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2348
http://php.net/ChangeLog-5.php
http://www.ubuntu.com/usn/usn-2572-1
Description:
The move_uploaded_file implementation in ext/standard/basic_functions.c in
PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 truncates a
pathname upon encountering a \x00 character, which allows remote attackers
to bypass intended extension restrictions and create files with unexpected
names via a crafted second argument. NOTE: this vulnerability exists
because of an incomplete fix for CVE-2006-7243.
Ubuntu-Description:
Notes:
mdeslaur> fixed in lucid's php5-CVE-2006-7243.patch, and is fixed in
mdeslaur> precise also. Seems to be a regression in 5.4+
Bugs:
https://bugs.php.net/bug.php?id=69207
Priority: low
Discovered-by: Paulos Yibelo
Assigned-to: mdeslaur
Patches_php5:
upstream: http://git.php.net/?p=php-src.git;a=commit;h=1291d6bbee93b6109eb07e8f7916ff1b7fcc13e1
upstream_php5: released (5.6.7)
lucid_php5: not-affected (5.3.2-1ubuntu4.29)
precise_php5: not-affected (5.3.10-1ubuntu3.17)
trusty_php5: released (5.5.9+dfsg-1ubuntu4.9)
utopic_php5: released (5.5.12+dfsg-2ubuntu4.4)
devel_php5: released (5.6.4+dfsg-4ubuntu5)
|