COMMAND

unsecured owner changes are possible

SYSTEMS AFFECTED

chuid-1.2

PROBLEM

Roman Ivanov found two bugs in chuid. Chuid is a small program that solves a problem created by PHP's safe_mode, which prevents PHP scripts not owned by the webserver from accepting file uploads. It solves this by allowing files in an upload directory specified at compile time to be re-owned by an arbitrary user, so that PHP scripts can make use of uploaded files.

First bug: it is possible to go out of the upload directory using ".."

Second bug: root and webserver owned files may also be re-owned

SOLUTION

Upgrade to the latest version:
http://srparish.net/scripts/chuid-1.3.tar.gz
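The two checks that the bugs listed under PROBLEM call for, as an added C example (not chuid's own code): `may_reown`, its parameters and the protected-owner list are hypothetical names, and the caller is assumed to supply the uids that must never be re-owned.

```c
#define _XOPEN_SOURCE 700
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>

/* Hypothetical helper: returns 1 if `path` may be re-owned, 0 otherwise.
 * protected_uids lists owners that must be refused (e.g. root, webserver). */

int may_reown(const char *upload_dir, const char *path,
              const uid_t *protected_uids, size_t n_protected)
{
    char base[PATH_MAX], real[PATH_MAX];
    struct stat st;
    size_t len, i;

    /* Resolve ".." and symlinks on both sides before comparing. */
    if (!realpath(upload_dir, base) || !realpath(path, real))
        return 0;

    /* Must be strictly below the upload directory: the prefix has to be
     * followed by '/', so a sibling such as "upload2" does not match. */
    len = strlen(base);
    if (strncmp(real, base, len) != 0 || real[len] != '/')
        return 0;

    /* Regular files only; directories and special files are refused. */
    if (lstat(real, &st) != 0 || !S_ISREG(st.st_mode))
        return 0;

    /* Refuse files currently owned by a protected account. */
    for (i = 0; i < n_protected; i++)
        if (st.st_uid == protected_uids[i])
            return 0;
    return 1;
}

int main(int argc, char **argv)
{
    uid_t keep[] = { 0 }; /* root; add the webserver uid for a real setup */
    if (argc != 3)
        return 2;
    puts(may_reown(argv[1], argv[2], keep, 1) ? "allow" : "deny");
    return 0;
}
```

A path-based check followed by a path-based chown can be raced; a setuid helper should repeat the owner and type checks on an open descriptor with `fstat` and change ownership with `fchown`.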