Launchpad CVE tracker

CVE 2006-7243

PHP before 5.3.4 accepts the \0 character in a pathname, which might allow context-dependent attackers to bypass intended access restrictions by placing a safe file extension after this character, as demonstrated by .php\0.jpg at the end of the argument to the file_exists function.

See the

CVE page on Mitre.org for more details.

References

MLIST: [oss-security] 2010111...
MLIST: [oss-security] 2010111...
MLIST: [oss-security] 2010120...
MLIST: [oss-security] 2010120...
MLIST: [oss-security] 2010120...
MISC: http://www.madirish.ne...
CONFIRM: http://bugs.php.net/39863
CONFIRM: http://www.php.net/Cha...
CONFIRM: http://www.php.net/arc...
CONFIRM: http://www.php.net/rel...
MANDRIVA: MDVSA-2010:254
CONFIRM: http://support.apple.c...
APPLE: APPLE-SA-2011-03-21-1
REDHAT: RHSA-2013:1307
SECUNIA: 55078
REDHAT: RHSA-2013:1615
REDHAT: RHSA-2014:0311
BID: 44951
FEDORA: FEDORA-2015-8281
FEDORA: FEDORA-2015-8370
FEDORA: FEDORA-2015-8383
CONFIRM: http://svn.php.net/vie...
CONFIRM: http://svn.php.net/vie...
HP: HPSBUX02741
HP: HPSBOV02763
HP: SSRT100728
HP: SSRT100826
OVAL: oval:org.mitre.oval:de...

Launchpad.net

CVE 2006-7243

Related bugs

References