|
PHP Multiple Vulnerabilities
|
|
|
|
|
Secunia Advisory:
|
SA14792
|
|
|
Release Date:
|
2005-04-01
|
|
Last Update:
|
2005-04-14
|
|
|
Critical:
|
Highly critical
|
|
Impact:
|
Unknown
DoS
System access
|
|
Where:
|
From remote
|
|
Solution Status:
|
Vendor Patch
|
|
| Software: | PHP 4.2.x
PHP 4.3.x
PHP 5.0.x
|
| | CVE reference: | CVE-2005-0524 (Secunia mirror)
CVE-2005-0525 (Secunia mirror)
CVE-2005-1042 (Secunia mirror)
CVE-2005-1043 (Secunia mirror)
|
|
|
Want to know the next time vulnerabilities are fixed in this product?
- Companies can be alerted via email and SMS! |
|
|
Description:
Multiple vulnerabilities have been reported in PHP, where some have an unknown impact and others can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system.
1) Errors within the "php_handle_iff()" and "php_handle_jpeg()" functions called by the "getimagesize()" PHP function can be exploited to cause infinite loops and consume all available CPU resources via a specially crafted image.
This has been reported in versions 4.2.2, 4.3.9, 4.3.10, and 5.0.3. Other versions may also be affected.
2) An integer overflow in the "exif_process_IFD_TAG()" function in "exif.c" in the exif extension may be exploited to execute arbitrary code via an application processing EXIF tags of uploaded images.
3) An error in the processing of exif data in "exif.c" may be exploited to cause an infinite stack recursion via an application processing EXIF headers of uploaded images.
4) Multiple unspecified security issues exist in the fbsql extensions and in the "unserialize()" and "swf_definepoly()" PHP functions.
Other bugs have also been reported where some may be security related.
Do you have this product installed on your home computer? Scan using the free Personal Software Inspector. Check if a vulnerable version is installed on computers in your corporate network, scan using the Network Software Inspector.
Solution:
Update to version 4.3.11 or 5.0.4.
http://www.php.net/downloads.php
Provided and/or discovered by:
1) Discovered by anonymous person and reported via iDEFENSE.
2) Reported by vendor.
Changelog:
2005-04-14: Added CVE references, updated "Description" section, changed impact and raised criticality.
Original Advisory:
The PHP Group:
http://www.php.net/release_4_3_11.php
iDEFENSE:
http://www.idefense.com/application/poi/display?id=222&type=vulnerabilities
|
|
|
|
|
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
|
|
|
|
31 Related Secunia Security Advisories, displaying 10
|
|
|
1. PHP COM Objects Security Bypass
|
|
2. PHP "gdPngReadData()" Truncated PNG Data Denial of Service
|
|
3. PHP "readwbmp()" Integer Overflow Vulnerability
|
|
4. PHP Session Handling Double Free Vulnerabilities
|
|
5. PHP "htmlentities()" and "htmlspecialchars()" Buffer Overflows
|
|
6. PHP "ini_restore()" Security Bypass Vulnerability
|
|
7. PHP "open_basedir" Symlink Security Bypass Vulnerability
|
|
8. PHP "curl_init()" Safe Mode Bypass Weakness
|
|
9. PHP "wordwrap()" Buffer Overflow Vulnerability
|
|
10. PHP "phpinfo()" Cross-Site Scripting and Security Bypass
|
Show all related advisories
|
|
|
Send Feedback to Secunia
|
|
If you have new information regarding this Secunia advisory or a product in our database, please send it to us using either our web form or email us at vuln@secunia.com.
Ideas, suggestions, and other feedback are most welcome.
|
|
|
|
