[php-maint] Bug#354680: PHP4 in Sarge appears vulnerable to CVE-2005-3390

Nick Jenkins nickpj at gmail.com
Tue Feb 28 04:26:49 UTC 2006

Package: php4
Version: 4:4.3.10-16
Severity: normal
Tags: security


 The RFC1867 file upload feature in PHP 4.x up to 4.4.0 and 5.x up to 5.0.5,
 when register_globals is enabled, allows remote attackers to modify the
 GLOBALS array and bypass security protections of PHP applications via a
 multipart/form-data POST request with a "GLOBALS" fileupload field.

Vulnerable PHP versions:
 PHP 4.x up to 4.4.0 and 5.x up to 5.0.5

 Resolved in Testing with bug 336645, but still appears to be
outstanding in Sarge (no PHP4 DSA at http://www.us.debian.org/security
since 29 Aug 2005)

More information about the pkg-php-maint mailing list