Red Hat Bugzilla – Bug 134976
CAN-2004-0959 PHP arbitrary file creation
Last modified: 2007-11-30 17:10:51 EST
This issue was reported to bugtraq on 2004-09-15.
Bad array parsing in the rfc1867.c file could lead to the overwriting
of the $_FILES array, which in turn could allow an attacker to write
arbitrary files with the permissions of the user running Apache.
I've created attachment 104908, which contains the upstream patch from
CVS. We could also upgrade to version 4.3.9, which fixes this issue.