[原文]Buffer overflows in (1) php_mime_split in PHP 4.1.0, 4.1.1, and 4.0.6 and earlier, and (2) php3_mime_split in PHP 3.0.x allows remote attackers to execute arbitrary code via a multipart/form-data HTTP POST request when file_uploads is enabled.
PHP php3_mime_split Function POST Request Overflow
Remote / Network Access
Loss of Integrity
A remote overflow exists in php. The php3_mime_split function fails to perform proper bounds checking resulting in a heap overflow. By using the HTTP POST method to upload a PHP form containing specially crafted MIME-encoded data, a remote attacker can cause arbitrary code execution resulting in a loss of integrity.
Upgrade to version 4.1.2 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.