111011 – dev-lang/php // dev-php/php <= 4.4.0, <= 5.0.5 File-Upload $GLOBALS Overwrite Vulnerability

Bug 111011 - dev-lang/php // dev-php/php <= 4.4.0, <= 5.0.5 File-Upload $GLOBALS Overwrite Vulnerability

Summary: dev-lang/php // dev-php/php <= 4.4.0, <= 5.0.5 File-Upload $GLOBALS Overwrite...

Status:	RESOLVED DUPLICATE of bug 111032

Alias:	None

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All All

Importance:	High major (vote)
Assignee:	Gentoo Security

URL:	http://www.hardened-php.net/advisory_...
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2005-10-31 06:15 UTC by Vic Fryzel (shellsage) (RETIRED)
Modified:	2005-10-31 13:33 UTC (History)
CC List:	0 users

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Vic Fryzel (shellsage) (RETIRED) gentoo-dev

2005-10-31 06:15:08 UTC

$GLOBALS overwrite can lead to unexpected behaviour of PHP applications, which
can lead to execution of remote PHP code in many situations.

Explanation of problem:
http://www.hardened-php.net/globals-problem

See original advisory for public exploit details:
http://www.hardened-php.net/advisory_202005.79.html

Reproducible: Always
Steps to Reproduce:
1.
2.
3.

Comment 1 Thierry Carrez (RETIRED) gentoo-dev

2005-10-31 13:33:25 UTC

Regrouping issues...

*** This bug has been marked as a duplicate of 111032 ***