Package: php4 Version: 4:4.3.10-16 Severity: normal Tags: security Ref: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3390
Description: The RFC1867 file upload feature in PHP 4.x up to 4.4.0 and 5.x up to 5.0.5, when register_globals is enabled, allows remote attackers to modify the GLOBALS array and bypass security protections of PHP applications via a multipart/form-data POST request with a "GLOBALS" fileupload field. Vulnerable PHP versions: PHP 4.x up to 4.4.0 and 5.x up to 5.0.5 Note: Resolved in Testing with bug 336645, but still appears to be outstanding in Sarge (no PHP4 DSA at http://www.us.debian.org/security since 29 Aug 2005)
