Vigil@nce - PHP: two vulnerabilities
May 2012 by Vigil@nce
This bulletin was written by Vigil@nce: http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can exploit two vulnerabilities in PHP to read or
create files.
Severity: 2/4
Creation date: 02/05/2012
IMPACTED PRODUCTS
– Debian Linux
– Fedora
– Mandriva Enterprise Server
– Mandriva Linux
– openSUSE
– PHP
– SUSE Linux Enterprise Desktop
– SUSE Linux Enterprise Server
DESCRIPTION OF THE VULNERABILITY
Two vulnerabilities were announced in PHP.
The $_FILES array contains information about files uploaded by
users. However, if the filename contains brackets, the $_FILES
array is incorrectly initialized. Depending on the script, the
attacker can then, for example, change the destination file name
under which the uploaded file will be stored. [severity:2/4;
BID-53403, CVE-2012-1172]
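A defensive check for the $_FILES issue described above, as an added example (not code from the bulletin or from the PHP project): the handler rejects any entry that is not a flat single-file record and chooses the destination name itself. The function names, the ".upload" suffix and the sample arrays are assumptions made for illustration.

```php
<?php
// Added example. Hypothetical names: upload_entry_is_sane(), store_upload().

/** Accept only a flat single-file entry whose fields have the expected scalar types. */
function upload_entry_is_sane($entry): bool
{
    if (!is_array($entry)) {
        return false;
    }
    $required = ['name', 'type', 'tmp_name', 'error', 'size'];
    $allowed  = array_merge($required, ['full_path']); // full_path exists since PHP 8.1
    $keys     = array_keys($entry);
    if (array_diff($required, $keys) || array_diff($keys, $allowed)) {
        return false; // missing or unexpected keys
    }
    return is_string($entry['name'])
        && is_string($entry['type'])
        && is_string($entry['tmp_name']) && $entry['tmp_name'] !== ''
        && is_int($entry['error']) && $entry['error'] === UPLOAD_ERR_OK
        && is_int($entry['size']) && $entry['size'] > 0;
}

/** Move the upload to a server-chosen name; returns the new path, or null on refusal. */
function store_upload($entry, string $uploadDir): ?string
{
    // is_uploaded_file() confirms tmp_name really came from this request's upload.
    if (!upload_entry_is_sane($entry) || !is_uploaded_file($entry['tmp_name'])) {
        return null;
    }
    // The destination never uses $entry['name'] or any other client-supplied value.
    $dest = rtrim($uploadDir, '/') . '/' . bin2hex(random_bytes(16)) . '.upload';
    return move_uploaded_file($entry['tmp_name'], $dest) ? $dest : null;
}

// Constructed sample entries (not captured from a real request, and not the
// exact shape produced by the bug): one well formed, one with a nested field.
$wellFormed = ['name' => 'report.pdf', 'type' => 'application/pdf',
               'tmp_name' => '/tmp/phpAbC123', 'error' => 0, 'size' => 1024];
$malformed  = ['name' => 'report.pdf', 'type' => 'application/pdf',
               'tmp_name' => ['x' => '/tmp/other'], 'error' => 0, 'size' => 1024];

var_dump(upload_entry_is_sane($wellFormed));
var_dump(upload_entry_is_sane($malformed));
```

If the original file name has to be kept for display, store it as metadata next to the generated name rather than using it in a path.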
An attacker can use the readline_write_history() and
readline_read_history() functions to access files located
outside the directories defined in open_basedir. [severity:2/4]
An attacker can therefore exploit two vulnerabilities in PHP to
read or create files.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/PHP-two-vulnerabilities-11572