kras oda????
PHP does not perform proper bounds checking on functions related to Form-based File Uploads in HTML (RFC1867). Specifically, these problems occur in the functions which are used to decode MIME encoded files. There are numerous stack overflows, heap overflows, and off-by-one conditions.
Each of these conditions may be exploitable by remote attackers to execute arbitrary code on target systems with the privileges of the webserver process. Successful exploitation may result in the remote attackers gaining local access to the target webserver.
PHP is invoked through webservers remotely. It may be possible for remote attackers to execute this vulnerability to gain access to target systems. A vulnerable PHP interpreter module is available for Apache servers that is often enabled by default.
PHP Post File Upload Buffer Overflow Attack
Each of these conditions may be exploitable by remote attackers to execute arbitrary code on target systems with the privileges of the webserver process. Successful exploitation may result in the remote attackers gaining local access to the target webserver.
PHP is invoked through webservers remotely. It may be possible for remote attackers to execute this vulnerability to gain access to target systems. A vulnerable PHP interpreter module is available for Apache servers that is often enabled by default.
Kommentar