[prev in list] [next in list] [prev in thread] [next in thread]
List: oss-security
Subject: Re: [oss-security] CVE request: php 5.3.1 - "max_file_uploads"
From: Josh Bressers <bressers () redhat ! com>
Date: 2009-11-23 19:51:28
Message-ID: 259552101.599451259005888260.JavaMail.root () zmail01 ! collab ! prod ! int ! phx2 ! redhat ! com
[Download RAW message or body]
CVE-2009-4017
PHP versions before 5.3.1 contain a flow in the way multipart/form-data
handled file upload requests. A user making a specially crafted request could
cause the web server to consume resources processing the request.
http://www.php.net/releases/5_3_1.php
http://marc.info/?l=full-disclosure&m=125871907031725&w=2
Thanks.
--
JB
----- "Jan Lieskovsky" <jlieskov@redhat.com> wrote:
> Eren Türkay wrote:
> > On Friday 20 November 2009 12:41:50 pm Thomas Biege wrote:
> >> * Added "max_file_uploads" INI directive, which can be set to limit
> the
> >> number of file uploads per-request to 20 by default, to prevent
> possible
> >> DOS via temporary file exhaustion.
> >
> > Bogdan Calin disclosed the details about that vulnerability on
> full-disclosure
> > mailing list. He didn't disclosed his script but I wrote a PoC that
> works like
> > a charm. It makes DoS possible for any server that runs PHP within 1
> minute
> > with a few requests.
> >
> > Additionally, this vulnerability affects 5.2.11. I guess all
> products before
> > PHP 5.3.1 are vulnerable.
> >
> > I think this deserves CVE Id. Any ideas?
>
> Josh, could you please allocate one?
>
> Also changed the topic to match only 'php 5.3.1 - "max_file_uploads"'
> thing,
> so it isn't lost in other mails.
>
> Thanks && Regards, Jan.
> --
> Jan iankko Lieskovsky / Red Hat Security Response Team
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic