CVE-2012-1172

Publication date 23 May 2012

Last updated 24 July 2024

The file-upload implementation in rfc1867.c in PHP before 5.4.0 does not properly handle invalid [ (open square bracket) characters in name values, which makes it easier for remote attackers to cause a denial of service (malformed $_FILES indexes) or conduct directory traversal attacks during multi-file uploads by leveraging a script that lacks its own filename restrictions.

Read the notes from the security team

Status

Show unmaintained releases

No maintained releases are affected by this CVE.

Package	Ubuntu Release	Status
php5	12.04 LTS precise	Fixed 5.3.10-1ubuntu3.2
	11.10 oneiric	Fixed 5.3.6-13ubuntu3.8
	11.04 natty	Fixed 5.3.5-1ubuntu7.10
	10.10 maverick	Ignored end of life
	10.04 LTS lucid	Fixed 5.3.2-1ubuntu4.17
	8.04 LTS hardy	Fixed 5.2.4-2ubuntu5.25

Notes

jdstrand

some argue bug is in script, not the language, but PHP does try to sanitize $_FILES. Script writers may be relying on that.

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package	Patch details
php5	Upstream: http://svn.php.net/viewvc?view=revision&revision=321664 Upstream: http://git.php.net/?p=php-src.git;a=commit;h=95dcd799fb6fdccbc60d3bba3cd759f6b421ee69 Upstream: http://git.php.net/?p=php-src.git;a=commit;h=baeaafd3951451c7dadf949c7677e90141c1e17a

References

Related Ubuntu Security Notices (USN)