CVE Reference: CVE-2006-7243

NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia nor the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE:
CVE-2006-7243

Description:
PHP before 5.3.4 accepts the \0 character in a pathname, which might allow context-dependent attackers to bypass intended access restrictions by placing a safe file extension after this character, as demonstrated by .php\0.jpg at the end of the argument to the file_exists function.

CVE Status:
Candidate

References:

SAID
  Secunia Advisory: SA55078

REDHAT
  http://rhn.redhat.com/errata/RHSA-2013-1615.html
  http://rhn.redhat.com/errata/RHSA-2014-0311.html
  http://rhn.redhat.com/errata/RHSA-2013-1307.html

OVAL
  http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:12569

MLIST
  http://openwall.com/lists/oss-security/2010/12/09/11
  http://openwall.com/lists/oss-security/2010/12/09/10
  http://openwall.com/lists/oss-security/2010/12/09/9
  http://openwall.com/lists/oss-security/2010/11/18/5
  http://openwall.com/lists/oss-security/2010/11/18/4

MISC
  http://www.madirish.net/?article=436

MANDRIVA
  http://www.mandriva.com/security/advisories?name=MDVSA-2010:254

HP
  http://marc.info/?l=bugtraq&m=132871655717248&w=2

CONFIRM
  http://support.apple.com/kb/HT4581
  http://www.php.net/releases/5_3_4.php
  http://www.php.net/archive/2010.php#id2010-12-10-1
  http://www.php.net/ChangeLog-5.php
  http://svn.php.net/viewvc?view=revision&revision=305507
  http://svn.php.net/viewvc?view=revision&revision=305412
  http://bugs.php.net/39863

APPLE
  http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html

