oss-sec mailing list archives
Re: CVE request: php 5.3.1 - "max_file_uploads" [was: Re: [oss-security] CVE request: php 5.3.1 update]
From: Josh Bressers <bressers () redhat com>
Date: Mon, 23 Nov 2009 14:51:28 -0500 (EST)
CVE-2009-4017

PHP versions before 5.3.1 contain a flaw in the way multipart/form-data handled file upload requests. A user making a specially crafted request could cause the web server to consume resources processing the request.

http://www.php.net/releases/5_3_1.php
http://marc.info/?l=full-disclosure&m=125871907031725&w=2

Thanks.

--
JB

----- "Jan Lieskovsky" <jlieskov () redhat com> wrote:
> Eren Türkay wrote:
> > On Friday 20 November 2009 12:41:50 pm Thomas Biege wrote:
> > > * Added "max_file_uploads" INI directive, which can be set to limit the number of file uploads per-request to 20 by default, to prevent possible DOS via temporary file exhaustion.
> >
> > Bogdan Calin disclosed the details about that vulnerability on full-disclosure mailing list. He didn't disclose his script but I wrote a PoC that works like a charm. It makes DoS possible for any server that runs PHP within 1 minute with a few requests.
> >
> > Additionally, this vulnerability affects 5.2.11. I guess all products before PHP 5.3.1 are vulnerable. I think this deserves CVE ID. Any ideas?
>
> Josh, could you please allocate one?
>
> Also changed the topic to match only 'php 5.3.1 - "max_file_uploads"' thing, so it isn't lost in other mails.
>
> Thanks && Regards, Jan.
> --
> Jan iankko Lieskovsky / Red Hat Security Response Team
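The mitigation the thread discusses is a per-request cap on file parts (PHP 5.3.1's max_file_uploads, default 20) so that a multipart body cannot force the server to materialize an unbounded number of temporary files. The following is an added illustration of that defensive principle in Python, not PHP's implementation and not code from anyone in the thread: it walks a multipart/form-data body counting parts that carry a filename and refuses the request as soon as the cap is exceeded, before any temp file would be created. The boundary string, the part layout and the builder that produces test bodies are constructed for the example.

```python
"""Constructed example: enforce a per-request file-part limit on a
multipart/form-data body before any temporary file is written.
Mirrors the intent of PHP 5.3.1's max_file_uploads; not PHP's own code."""
import re

# Same default PHP 5.3.1 chose for max_file_uploads, per the release notes.
MAX_FILE_UPLOADS = 20


class TooManyFileUploads(Exception):
    """Raised as soon as the file-part count passes the configured limit."""


def build_multipart(boundary, n_files, extra_fields=()):
    """Construct a multipart/form-data body with n_files file parts plus
    optional plain fields.  Test input only; the layout is assumed."""
    parts = []
    for i in range(n_files):
        parts.append(
            f"--{boundary}\r\n"
            f'Content-Disposition: form-data; name="f{i}"; filename="f{i}.txt"\r\n'
            "Content-Type: text/plain\r\n\r\n"
            "x\r\n"
        )
    for name, value in extra_fields:
        parts.append(
            f"--{boundary}\r\n"
            f'Content-Disposition: form-data; name="{name}"\r\n\r\n'
            f"{value}\r\n"
        )
    return ("".join(parts) + f"--{boundary}--\r\n").encode()


def count_parts(body, boundary, limit=MAX_FILE_UPLOADS):
    """Return (file_parts, field_parts) for the body.

    The count is taken from each part's headers only, so the check can run
    while the body is still being read: the moment the file-part count
    exceeds `limit` we raise and stop, which is the point at which a server
    would otherwise start creating temp file number limit+1."""
    delim = b"--" + boundary.encode()
    files = fields = 0
    # split()[0] is the preamble before the first delimiter; skip it.
    for chunk in body.split(delim)[1:]:
        if chunk.startswith(b"--"):
            break  # closing delimiter "--boundary--"
        headers, _, _body = chunk.partition(b"\r\n\r\n")
        disposition = b""
        for line in headers.split(b"\r\n"):
            if line.lower().startswith(b"content-disposition:"):
                disposition = line
        # A filename parameter is what marks a part as a file upload.
        if re.search(rb"filename\s*=", disposition, re.IGNORECASE):
            files += 1
            if files > limit:
                raise TooManyFileUploads(
                    f"file part #{files} exceeds max_file_uploads={limit}"
                )
        else:
            fields += 1
    return files, fields


def within_limit(body, boundary, limit=MAX_FILE_UPLOADS):
    """Boolean wrapper: True if the request may proceed to temp-file creation."""
    try:
        count_parts(body, boundary, limit)
    except TooManyFileUploads:
        return False
    return True


if __name__ == "__main__":
    ok = build_multipart("xyz", 3, [("note", "hello")])
    too_many = build_multipart("xyz", MAX_FILE_UPLOADS + 1)
    print("3 files, 1 field:", count_parts(ok, "xyz"))
    print("21 files allowed:", within_limit(too_many, "xyz"))
```

The PHP-side equivalent is the directive the thread names, `max_file_uploads = 20` in php.ini; the value to pick is the largest number of files any legitimate form on the server actually submits, since every part above it is a temp file the request can force the server to create.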
Current thread:
- CVE request: php 5.3.1 update Thomas Biege (Nov 20)
- Re: CVE request: php 5.3.1 update Joe Orton (Nov 20)
- Re: CVE request: php 5.3.1 update Tomas Hoger (Nov 20)
- Re: CVE request: php 5.3.1 update Eren Türkay (Nov 20)
- Re: CVE request: php 5.3.1 - "max_file_uploads" [was: Re: [oss-security] CVE request: php 5.3.1 update] Jan Lieskovsky (Nov 23)
- Re: CVE request: php 5.3.1 - "max_file_uploads" [was: Re: [oss-security] CVE request: php 5.3.1 update] Josh Bressers (Nov 23)
- Re: CVE request: php 5.3.1 - "max_file_uploads" [was: Re: [oss-security] CVE request: php 5.3.1 update] Jan Lieskovsky (Nov 23)
- Re: CVE request: php 5.3.1 update security curmudgeon (Nov 21)
- Re: CVE request: php 5.3.1 update Joe Orton (Nov 20)