Multiple denial of service vulnerabilities in PHP

Posted by Dustin Wish with INDCO Networks on 04/07/05 19:56

- Multiple denial of service vulnerabilities in PHP -
Oxygen3 24h-365d, by Panda Software (http://www.pandasoftware.com)

MADRID, April 7, 2005 - iDefense has reported multiple denial of service
vulnerabilities in the PHP scripting language, which could allow a remote
attacker to exhaust the CPU of an affected system.

The problem lies in the routines php_handle_iff() and php_handle_jpeg(),
which are called by the PHP function getimagesize(), used to determine the size
and dimensions of a large number of image formats, including GIF, JPG, PNG,
TIFF, etc.

The first flaw lies in the php_handle_iff() function, defined in
ext/standard/image.c, and could allow a remote attacker to use up all of the
CPU resources, resulting in a denial of service.

The second vulnerability is due to insufficient validation of JPEG file
headers in the php_handle_jpeg() function, also defined in
ext/standard/image.c. JPEG segment headers carry a length field that can be
manipulated to send the parser into an infinite loop while copying file data
into memory.

These vulnerabilities could be exploited by unauthenticated remote users to
consume 100 percent of the CPU resources on vulnerable systems. To do this,
an attacker supplies a malicious image to the getimagesize() PHP routine.
The getimagesize() routine is frequently used when handling user-supplied
image uploads, which increases the probability of a successful attack.
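The following C program is an added illustration written for this page; it is not code from PHP's ext/standard/image.c or from the iDefense advisory. It walks the marker segments of a JPEG held in memory the way a getimagesize()-style parser has to, once trusting the segment length field as a naive walker does and once with the checks such a walker needs. Every JPEG segment after its marker begins with a two-byte big-endian length that counts itself, so a length below 2 can never be valid; a length of zero leaves the cursor exactly where it was, and a parser without the check re-reads the same segment forever, which is the stall the advisory describes. The IFF chunk walker fails the same way on a chunk size that is zero or negative and needs the same check before seeking, so this one example stands for both flaws. The sample byte strings are constructed here and are not real files; the jpeg_walk() function and the status names are this example's own, and the exact shape of PHP's vulnerable code is not being reproduced.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Outcome of walking a JPEG's marker segments up to the first frame header. */
enum jpeg_status {
    JPEG_OK = 0,
    JPEG_BAD_SIGNATURE,  /* no FF D8 start-of-image marker */
    JPEG_BAD_MARKER,     /* a byte other than 0xFF where a marker prefix must be */
    JPEG_BAD_LENGTH,     /* segment length < 2: it cannot even cover its own two bytes */
    JPEG_TRUNCATED,      /* segment extends past the end of the buffer */
    JPEG_NO_FRAME,       /* reached SOS/EOI without a SOFn (dimensions) segment */
    JPEG_NO_PROGRESS     /* naive walker stalled on one offset; a real parser hangs here */
};

struct jpeg_dims { unsigned width, height; };

static unsigned rd16(const uint8_t *p) { return ((unsigned)p[0] << 8) | p[1]; }

/* SOF0..SOF15 occupy C0..CF, but C4 (DHT), C8 (JPG) and CC (DAC) are not frame headers. */
static int is_sof(uint8_t m) {
    return m >= 0xC0 && m <= 0xCF && m != 0xC4 && m != 0xC8 && m != 0xCC;
}

/*
 * Walk marker segments until the first SOFn segment, whose payload carries the
 * height and width that getimagesize() reports.
 *   hardened == 0: models the naive "advance by the length the file claims" logic.
 *   hardened == 1: rejects length < 2 and segments that overrun the buffer first.
 */
static enum jpeg_status jpeg_walk(const uint8_t *buf, size_t len, int hardened,
                                  struct jpeg_dims *out)
{
    if (len < 2 || buf[0] != 0xFF || buf[1] != 0xD8) return JPEG_BAD_SIGNATURE;
    size_t pos = 2;
    for (;;) {
        if (pos + 4 > len) return JPEG_TRUNCATED;       /* prefix, marker, 2-byte length */
        if (buf[pos] != 0xFF) return JPEG_BAD_MARKER;
        uint8_t marker = buf[pos + 1];
        if (marker == 0xFF) { pos++; continue; }         /* fill byte, keep scanning */
        if (marker == 0xD9 || marker == 0xDA) return JPEG_NO_FRAME;   /* EOI / SOS */
        pos += 2;                                        /* now at the length field */
        unsigned length = rd16(buf + pos);               /* counts its own two bytes */

        if (hardened) {
            if (length < 2) return JPEG_BAD_LENGTH;      /* the check the naive path lacks */
            if (length > len - pos) return JPEG_TRUNCATED;
        }

        if (is_sof(marker)) {
            /* payload after the length: precision(1) height(2) width(2) components(1) ... */
            if (length < 7 || pos + 7 > len) return JPEG_TRUNCATED;
            if (out) { out->height = rd16(buf + pos + 3); out->width = rd16(buf + pos + 5); }
            return JPEG_OK;
        }

        size_t next = pos + length;                      /* skip to the next marker */
        if (next == pos) return JPEG_NO_PROGRESS;        /* length 0: naive code would spin forever */
        pos = next;
    }
}

/* Constructed sample inputs for this example (not real image files). */
static const uint8_t sample_ok[] = {
    0xFF,0xD8,  0xFF,0xE0, 0x00,0x04, 0xAA,0xBB,                 /* APP0, length 4 */
    0xFF,0xC0, 0x00,0x0B, 0x08, 0x00,0x10, 0x00,0x20, 0x01, 0x01,0x11,0x00, /* SOF0: 16 x 32 */
    0xFF,0xD9 };
static const uint8_t sample_zero_len[]  = { 0xFF,0xD8, 0xFF,0xE1, 0x00,0x00, 0xFF,0xD9 };
static const uint8_t sample_truncated[] = { 0xFF,0xD8, 0xFF,0xE1, 0x01,0x00, 0x00 };

static const char *status_name(enum jpeg_status s) {
    static const char *names[] = { "OK", "BAD_SIGNATURE", "BAD_MARKER", "BAD_LENGTH",
                                   "TRUNCATED", "NO_FRAME", "NO_PROGRESS" };
    return names[s];
}

int main(void) {
    struct jpeg_dims d = { 0, 0 };
    enum jpeg_status s = jpeg_walk(sample_ok, sizeof sample_ok, 1, &d);
    printf("valid, hardened:    %s (%u x %u)\n", status_name(s), d.width, d.height);
    printf("zero length, naive: %s\n",
           status_name(jpeg_walk(sample_zero_len, sizeof sample_zero_len, 0, NULL)));
    printf("zero length, hard:  %s\n",
           status_name(jpeg_walk(sample_zero_len, sizeof sample_zero_len, 1, NULL)));
    printf("truncated, hard:    %s\n",
           status_name(jpeg_walk(sample_truncated, sizeof sample_truncated, 1, NULL)));
    return 0;
}
```

A PHP application cannot patch image.c from userland; the fix has to come from a PHP release that adds the length check. Until that is deployed, limit the size of accepted uploads and avoid calling getimagesize() on untrusted files inside the request path, so that one crafted image cannot pin a web server worker.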

The original security advisory about these vulnerabilities is available at:
http://www.idefense.com/application/poi/display?id=222&type=vulnerabilities&flashstatus=true
