Lucene search

K
ubuntucveUbuntu.comUB:CVE-2015-2348
HistoryMar 30, 2015 - 12:00 a.m.

CVE-2015-2348

2015-03-3000:00:00
ubuntu.com
ubuntu.com
30
php
remote attackers
file extension restrictions
remote code execution

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

EPSS

0.008

Percentile

82.4%

The move_uploaded_file implementation in ext/standard/basic_functions.c in
PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 truncates a
pathname upon encountering a \x00 character, which allows remote attackers
to bypass intended extension restrictions and create files with unexpected
names via a crafted second argument. NOTE: this vulnerability exists
because of an incomplete fix for CVE-2006-7243.

Bugs

Notes

Author Note
mdeslaur fixed in lucidโ€™s php5-CVE-2006-7243.patch, and is fixed in precise also. Seems to be a regression in 5.4+
OSVersionArchitecturePackageVersionFilename
ubuntu14.04noarchphp5<ย 5.5.9+dfsg-1ubuntu4.9UNKNOWN
ubuntu14.10noarchphp5<ย 5.5.12+dfsg-2ubuntu4.4UNKNOWN

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

EPSS

0.008

Percentile

82.4%