Vulnerabilities > CVE-2002-0081 - Buffer Overflow vulnerability in PHP Post File Upload
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Buffer overflows in (1) php_mime_split in PHP 4.1.0, 4.1.1, and 4.0.6 and earlier, and (2) php3_mime_split in PHP 3.0.x allows remote attackers to execute arbitrary code via a multipart/form-data HTTP POST request when file_uploads is enabled.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 4 |
Nessus
NASL family Debian Local Security Checks NASL id DEBIAN_DSA-115.NASL description Stefan Esser, who is also a member of the PHP team, found several flawsin the way PHP handles multipart/form-data POST requests (as described in RFC1867) known as POST fileuploads. Each of the flaws could allow an attacker to execute arbitrary code on the victim last seen 2020-06-01 modified 2020-06-02 plugin id 14952 published 2004-09-29 reporter This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/14952 title Debian DSA-115-1 : php - broken boundary check and more NASL family Web Servers NASL id PHP_SPLIT_MIME.NASL description The remote host is running a version of PHP earlier than 4.1.2. There are several flaws in how PHP handles multipart/form-data POST requests, any one of which could allow an attacker to gain remote access to the system. last seen 2020-06-01 modified 2020-06-02 plugin id 10867 published 2002-02-28 reporter This script is Copyright (C) 2002-2018 Thomas Reinke source https://www.tenable.com/plugins/nessus/10867 title PHP mime_split Function POST Request Overflow NASL family Mandriva Local Security Checks NASL id MANDRAKE_MDKSA-2002-017.NASL description Several flaws exist in various versions of PHP in the way it handles multipart/form-data POST requests, which are used for file uploads. The php_mime_split() function could be used by an attacker to execute arbitrary code on the server. This affects both PHP4 and PHP3. The authors have fixed this in PHP 4.1.2 and provided patches for older versions of PHP. last seen 2020-06-01 modified 2020-06-02 plugin id 13925 published 2004-07-31 reporter This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/13925 title Mandrake Linux Security Advisory : php (MDKSA-2002:017)
Redhat
| advisories |
|
References
- http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000468
- http://marc.info/?l=bugtraq&m=101484705523351&w=2
- http://marc.info/?l=bugtraq&m=101497256024338&w=2
- http://marc.info/?l=bugtraq&m=101537076619812&w=2
- http://marc.info/?l=ntbugtraq&m=101484975231922&w=2
- http://marc.info/?l=vuln-dev&m=101468694824998&w=2
- http://online.securityfocus.com/advisories/3911
- http://security.e-matters.de/advisories/012002.html
- http://www.cert.org/advisories/CA-2002-05.html
- http://www.debian.org/security/2002/dsa-115
- http://www.iss.net/security_center/static/8281.php
- http://www.kb.cert.org/vuls/id/297363
- http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-017.php
- http://www.linuxsecurity.com/advisories/other_advisory-1924.html
- http://www.novell.com/linux/security/advisories/2002_007_mod_php4_txt.html
- http://www.php.net/downloads.php
- http://www.redhat.com/support/errata/RHSA-2002-035.html
- http://www.redhat.com/support/errata/RHSA-2002-040.html
- http://www.securityfocus.com/bid/4183