Bug 17245 - upload form could be used to read any file on a system
upload form could be used to read any file on a system
Status: CLOSED NOTABUG
Product: Red Hat Linux
Classification: Retired
Component: php (Show other bugs)
7.1
i386 Linux
high Severity medium
: ---
: ---
Assigned To: Nalin Dahyabhai
: Security
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2000-09-05 03:45 EDT by Arenas Belon, Carlo Marcelo
Modified: 2008-05-01 11:37 EDT (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2000-09-11 14:49:47 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
patch for upload bug, build from zeev instructions on bugzilla (6.76 KB, patch)
2000-09-05 03:48 EDT, Arenas Belon, Carlo Marcelo
no flags Details | Diff

  None (edit)
Description Arenas Belon, Carlo Marcelo 2000-09-05 03:45:59 EDT
as explained on http://bugs.php.net/bugs.php?id=6496, a bug on the
generation of internal variables of PHP could be used to read any file on a
system (now on bugtraq)

php-4.0.2 is affected and previous versions should be also (tested on RC2
at least)

the attached patch fixes the problem.

upgrade to php-4.0.2 is a good idea too, spec on bug 17171 should be used
for this
Comment 1 Arenas Belon, Carlo Marcelo 2000-09-05 03:48:22 EDT
Created attachment 3239 [details]
patch for upload bug, build from zeev instructions on bugzilla
Comment 2 Nalin Dahyabhai 2000-09-07 11:17:28 EDT
An errata is being prepped.
Comment 3 Nalin Dahyabhai 2000-09-11 14:49:45 EDT
Hang on -- the bug is only a problem on poorly-coded pages, and the fix in CVS
appears to actually break certain other things which it's not supposed to (which
looks like it might actually be a problem in the hash table implementation in
Zend).
Comment 4 Arenas Belon, Carlo Marcelo 2000-10-17 13:29:37 EDT
obsoleted by 18965.
this patch is *somehow* included on 4.0.3pl1

Note You need to log in before you can comment on or make changes to this bug.