[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    Re: [oss-security] CVE request: php 5.3.1 - "max_file_uploads"
From:       Josh Bressers <bressers () redhat ! com>
Date:       2009-11-23 19:51:28
Message-ID: 259552101.599451259005888260.JavaMail.root () zmail01 ! collab ! prod ! int ! phx2 ! redhat ! com
[Download RAW message or body]

CVE-2009-4017

PHP versions before 5.3.1 contain a flow in the way multipart/form-data
handled file upload requests. A user making a specially crafted request could
cause the web server to consume resources processing the request.

http://www.php.net/releases/5_3_1.php
http://marc.info/?l=full-disclosure&m=125871907031725&w=2

Thanks.

-- 
    JB

----- "Jan Lieskovsky" <jlieskov@redhat.com> wrote:

> Eren Türkay wrote:
> > On Friday 20 November 2009 12:41:50 pm Thomas Biege wrote:
> >> * Added "max_file_uploads" INI directive, which can be set to limit
> the
> >> number of file uploads per-request to 20 by default, to prevent
> possible
> >> DOS via temporary file exhaustion.
> > 
> > Bogdan Calin disclosed the details about that vulnerability on
> full-disclosure 
> > mailing list. He didn't disclosed his script but I wrote a PoC that
> works like 
> > a charm. It makes DoS possible for any server that runs PHP within 1
> minute 
> > with a few requests.
> > 
> > Additionally, this vulnerability affects 5.2.11. I guess all
> products before 
> > PHP 5.3.1 are vulnerable.
> > 
> > I think this deserves CVE Id. Any ideas?
> 
>    Josh, could you please allocate one?
> 
> Also changed the topic to match only 'php 5.3.1 - "max_file_uploads"'
> thing,
> so it isn't lost in other mails.
> 
> Thanks && Regards, Jan.
> --
> Jan iankko Lieskovsky / Red Hat Security Response Team

[prev in list] [next in list] [prev in thread] [next in thread]