PublicDateAtUSN: 2011-06-16
Candidate: CVE-2011-2202
PublicDate: 2011-06-16 23:55:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2202
 http://openwall.com/lists/oss-security/2011/06/12/5
 https://ubuntu.com/security/notices/USN-1231-1
Description:
 The rfc1867_post_handler function in main/rfc1867.c in PHP before 5.3.7
 does not properly restrict filenames in multipart/form-data POST requests,
 which allows remote attackers to conduct absolute path traversal attacks,
 and possibly create or overwrite arbitrary files, via a crafted upload
 request, related to a "file path injection vulnerability."
Ubuntu-Description:
Notes:
 mdeslaur> PoC: http://pastebin.com/1edSuSVN
Bugs:
 https://bugs.launchpad.net/ubuntu/oneiric/+source/php5/+bug/813115
 http://bugs.php.net/bug.php?id=54939
Priority: medium
Discovered-by:
Assigned-to: sbeattie
CVSS:

Patches_php5:
 upstream: http://svn.php.net/viewvc?view=revision&revision=312103
 debdiff: https://launchpad.net/bugs/813115
upstream_php5: released (5.3.6-12)
hardy_php5: released (5.2.4-2ubuntu5.18)
lucid_php5: released (5.3.2-1ubuntu4.10)
maverick_php5: released (5.3.3-1ubuntu9.6)
natty_php5: released (5.3.5-1ubuntu7.3)
oneiric_php5: not-affected (5.3.6-13ubuntu1)
devel_php5: not-affected (5.3.6-13ubuntu1)