The OpenNET Project
 


security vulnerability in chuid


Date: Mon, 21 Jan 2002 20:24:59 +0000
From: Scott Parish <srp@srparish.net>
To: bugtraq@securityfocus.com
Subject: security vulnerability in chuid


Chuid contained two fatal bugs, the first allowing a user to change
the uid of files outside of the designated upload directory by using
'..', the second allowing a user to change root owned files as well as
webserver owned files. Given the combination of these two, it is imperative
that people using this program upgrade to the latest version, which can
be found at the following url:

http://srparish.net/scripts/chuid-1.3.tar.gz

Thanks to Roman Ivanov for finding and informing appropriate people
about this problem.

Chuid is a small program to solve a problem created by PHP's safe_mode,
which makes it so that non-webserver owned PHP scripts can't accept file
uploads. It solves this dilemma by allowing files in a compile time
specified upload directory to be re-owned by an arbitrary user, thus
allowing PHP scripts to make use of uploaded files.

sRp

-- 
Scott Parish
http://srparish.net/
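
The two checks the advisory points to, written out as an added C example; this is not chuid's code and is not taken from the 1.3 release. The function names, the ownership policy (only web-server-owned regular files may be re-owned, never to root or to the web server user) and the directory argument are assumptions made for illustration.

```c
#define _XOPEN_SOURCE 700
#include <fcntl.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Bug 1: accept only a bare file name, so ".." or any '/' cannot
 * steer the operation outside the upload directory. */
int name_is_safe(const char *name)
{
    if (name == NULL || name[0] == '\0')
        return 0;
    if (strcmp(name, ".") == 0 || strcmp(name, "..") == 0)
        return 0;
    return strchr(name, '/') == NULL;
}

/* Bug 2 (assumed policy): only a regular file currently owned by the
 * web server may be handed over, and never to root or the web server. */
int owner_change_allowed(const struct stat *st, uid_t web_uid, uid_t new_uid)
{
    if (!S_ISREG(st->st_mode) || st->st_uid != web_uid)
        return 0;
    return new_uid != 0 && new_uid != web_uid;
}

/* Returns 0 on success, -1 on refusal or error. Checks and chown act on
 * the same open descriptor, so the file cannot be swapped in between. */
int rechown_upload(const char *dir, const char *name,
                   uid_t web_uid, uid_t new_uid)
{
    struct stat st;
    int dfd, fd, rc = -1;

    if (!name_is_safe(name))
        return -1;
    if ((dfd = open(dir, O_RDONLY | O_DIRECTORY)) < 0)
        return -1;
    /* O_NOFOLLOW: a symlink planted in the directory is refused. */
    fd = openat(dfd, name, O_RDONLY | O_NOFOLLOW | O_NONBLOCK);
    if (fd >= 0) {
        if (fstat(fd, &st) == 0 && owner_change_allowed(&st, web_uid, new_uid))
            rc = fchown(fd, new_uid, (gid_t)-1);  /* group left unchanged */
        close(fd);
    }
    close(dfd);
    return rc;
}
```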


Created 1996-2024 by Maxim Chirkov