PHP Upload Progress Meter UploadProgress.C Remote Buffer Overflow Vulnerability
BID:21417
Info
| Bugtraq ID: | 21417 |
| Class: | Access Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Dec 04 2006 12:00AM |
| Updated: | Dec 04 2006 09:54PM |
| Credit: | Stefan Esser is credited with the discovery of this issue. |
| Vulnerable: | Bitflux Upload Progress Meter 8275; Bitflux Upload Progress Meter 8215 |
| Not Vulnerable: | Bitflux Upload Progress Meter 8276 |
Discussion
Upload Progress Meter is prone to a buffer-overflow vulnerability because it fails to perform adequate bounds checking before copying user-supplied data to an insufficiently sized buffer.
Attackers can exploit this issue to execute arbitrary commands that could compromise the webserver. Failed attempts can cause denial-of-service conditions.
Versions 8215 to 8275 are vulnerable.
Exploit / POC
Attackers can exploit this issue via a web client.
Currently we are not aware of any exploits for this issue.
Solution / Fix
Solution:
The vendor has released a fix to address this issue. Please see the references for more information.
Bitflux Upload Progress Meter 8275
- Bitflux uploadprogress.c - Revision 8276
  https://ssl.bitflux.ch/horde/chora/co.php/misc/uploadprogress/uploadprogress.c?r=8276&p=1
Bitflux Upload Progress Meter 8215
- Bitflux uploadprogress.c - Revision 8276
  https://ssl.bitflux.ch/horde/chora/co.php/misc/uploadprogress/uploadprogress.c?r=8276&p=1