Launchpad.net

CVE 2011-2202

The rfc1867_post_handler function in main/rfc1867.c in PHP before 5.3.7 does not properly restrict filenames in multipart/form-data POST requests, which allows remote attackers to conduct absolute path traversal attacks, and possibly create or overwrite arbitrary files, via a crafted upload request, related to a "file path injection vulnerability."

Related bugs and status

CVE-2011-2202 (Candidate) is related to these bugs:

Bug #813110: CVE-2011-1938

		In	Importance	Status
813110	CVE-2011-1938	php5 (Ubuntu)	Low	Fix Released
813110	CVE-2011-1938	php5 (Ubuntu Lucid)	Low	Fix Released
813110	CVE-2011-1938	php5 (Ubuntu Maverick)	Low	Fix Released
813110	CVE-2011-1938	php5 (Ubuntu Oneiric)	Low	Fix Released
813110	CVE-2011-1938	php5 (Ubuntu Natty)	Low	Fix Released

Bug #813115: CVE-2011-2202

		In	Importance	Status
813115	CVE-2011-2202	php5 (Ubuntu)	Medium	Fix Released
813115	CVE-2011-2202	php5 (Ubuntu Hardy)	Medium	Fix Released
813115	CVE-2011-2202	php5 (Ubuntu Lucid)	Medium	Fix Released
813115	CVE-2011-2202	php5 (Ubuntu Natty)	Medium	Fix Released
813115	CVE-2011-2202	php5 (Ubuntu Maverick)	Medium	Fix Released
813115	CVE-2011-2202	php5 (Ubuntu Oneiric)	Medium	Fix Released

Bug #852871: PHP ZEND_SL Opcode Interruption Address Information Leak Vulnerability

		In	Importance	Status
852871	PHP ZEND_SL Opcode Interruption Address Information Leak Vulnerability	php5 (Ubuntu)	Undecided	Fix Released
852871	PHP ZEND_SL Opcode Interruption Address Information Leak Vulnerability	php5 (Ubuntu Hardy)	Low	Won't Fix
852871	PHP ZEND_SL Opcode Interruption Address Information Leak Vulnerability	php5 (Ubuntu Lucid)	Low	Fix Released

Bug #852885: PHP rfc1867_post_handler File Path Injection Vulnerability

Summary				In	Importance	Status
	852885	PHP rfc1867_post_handler File Path Injection Vulnerability		php5 (Ubuntu)	Undecided	Confirmed

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2011-2202

Related bugs and status

Related bugs

References