PHP Upload Progress Meter UploadProgress.C远程缓冲区溢出漏洞

2006-12-08T00:00:00
ID SSV:740
Type seebug
Reporter Root
Modified 2006-12-08T00:00:00

Description

Upload Progress Meter是一款基于PHP的文件上传应用程序。

Upload Progress Meter uploadprogress.c存在缓冲区溢出,远程攻击者可以利用漏洞进行拒绝服务攻击,存在执行任意指令可能。

efree()函数中存在堆溢出,精心构建提交数据,可能导致覆盖内存而造成任意指令执行。

Bitflux Upload Progress Meter 8275 Bitflux Upload Progress Meter 8215

厂商解决方案

升级到最新程序:

Bitflux Upload Progress Meter 8275

Bitflux uploadprogress.c - Revision 8276 <a href="https://ssl.bitflux.ch/horde/chora/co.php/misc/uploadprogress/uploadpr" target="_blank">https://ssl.bitflux.ch/horde/chora/co.php/misc/uploadprogress/uploadpr</a> ogress.c?r=8276&p=1

Bitflux Upload Progress Meter 8215

Bitflux uploadprogress.c - Revision 8276 <a href="https://ssl.bitflux.ch/horde/chora/co.php/misc/uploadprogress/uploadpr" target="_blank">https://ssl.bitflux.ch/horde/chora/co.php/misc/uploadprogress/uploadpr</a> ogress.c?r=8276&p=1