<em style='font-weight:bold;'>(Description Provided by <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=2011-2202" target="_blank">CVE</a>)</em> : The rfc1867_post_handler function in main/rfc1867.c in PHP before 5.3.7 does not properly restrict filenames in multipart/form-data POST requests, which allows remote attackers to conduct absolute path traversal attacks, and possibly create or overwrite arbitrary files, via a crafted upload request, related to a &quot;file path injection vulnerability.&quot;

Upgrade to version 5.3.7 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Unknown or Incomplete

• Security Tracker: 1025659
• CVE ID: 2011-2202 (see also: NVD)
• Secunia Advisory ID: 43012 44874 45062 45762 45977 46037 46358 46374 46425 46679 46710 47634 47820 47843 48802 48828
• Bugtraq ID: 48259 49241
• ISS X-Force ID: 67999
• Vendor Specific News/Changelog Entry: http://bugs.php.net/bug.php?id=54939
  http://kolab.org/pipermail/kolab-announce/2011/000102.html
  http://lists.fedoraproject.org/pipermail/package-announce/2011-September/066102.html
  http://lists.fedoraproject.org/pipermail/package-announce/2011-September/066103.html
  http://lists.fedoraproject.org/pipermail/package-announce/2011-September/066104.html
  http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00005.html
  http://security.gentoo.org/glsa/glsa-201110-06.xml
  http://svn.php.net/viewvc/php/php-src/branches/PHP_5_3/main/rfc1867.c?r1=312103&r2=312102&pathrev=312103
  http://svn.php.net/viewvc/php/php-src/branches/PHP_5_3/NEWS?view=markup&pathrev=312103
  http://svn.php.net/viewvc?view=revision&revision=312103
• Vendor Specific Advisory URL: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03280632
  http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03281867
  http://lists.debian.org/debian-security-announce/2011/msg00137.html
  http://lists.debian.org/debian-security-announce/2011/msg00140.html
  http://lists.opensuse.org/opensuse-updates/2011-10/msg00014.html
  http://lists.opensuse.org/opensuse-updates/2011-10/msg00015.html
  http://slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.575575
  http://support.apple.com/kb/HT5130
  http://www.ubuntu.com/usn/usn-1231-1/
• Other Advisory URL: http://openwall.com/lists/oss-security/2011/06/12/5
  http://openwall.com/lists/oss-security/2011/06/13/15
  http://pastebin.com/1edSuSVN
• Packet Storm: http://packetstormsecurity.org/files/111915/HP-Security-Bulletin-HPSBMU02764-SSRT100827.html
  http://packetstormsecurity.org/files/111919/HP-Security-Bulletin-HPSBOV02763-SSRT100826.html
  http://packetstormsecurity.org/files/112043/HP-Security-Bulletin-HPSBMU02764-SSRT100827-2.html
• Mail List Post: http://seclists.org/bugtraq/2012/Apr/112
  http://seclists.org/bugtraq/2012/Apr/113
  http://seclists.org/bugtraq/2012/Apr/159
  http://seclists.org/fulldisclosure/2011/Oct/483
• Vendor URL: http://www.php.net
• RedHat RHSA: RHSA-2011-1423 RHSA-2011:1423 RHSA-2012:0033 RHSA-2012:0071

Unknown or Incomplete