-------- Original Message --------
Subject: Oxygen3 24h-365d [Multiple denial of service vulnerabilities in PHP - 4/07/05]
Date: Thu, 7 Apr 2005 13:37:27 +0200
From: Oxygen3 24h-365d <[EMAIL PROTECTED]>
Reply-To: Oxygen3 24h-365d mailing list <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
"The present contains nothing more than the past,
and what is found in the effect was already in the cause." Henri Bergson (1859-1941); French philosopher.
- Multiple denial of service vulnerabilities in PHP - Oxygen3 24h-365d, by Panda Software (http://www.pandasoftware.com)
MADRID, April 7, 2005 - iDefense has reported multiple denial of service vulnerabilities in the PHP scripting language, which could allow an attacker to crash the system.
The problem lies in how the routines php_handle_iff() and php_handle_jpeg() handle the PHP function getimagesize(), which is used to determine the size and dimensions of a large number of image formats, including GIF, JPG, PNG, TIFF, etc.
The first flaw lies in the php_handle_iff() function, defined in ext/standard/image.c, and could allow a remote attacker to use up all of the CPU resources, resulting in a denial of service.
The second vulnerability is due to insufficient validation of JPEG file headers in the php_handle_jpeg() function, also defined in ext/standard/image.c. This format contains a length field that could be manipulated to cause an infinite loop on copying file data to memory.
These vulnerabilities could be exploited by unauthenticated remote users to consume 100 percent of the CPU resources on vulnerable systems. To do this, an attacker can supply a malicious image to the getimagesize() PHP routine. The getimagesize() PHP routine is frequently used when handling user-supplied image uploads, which increases the probability of a success attack.
The original security advisory about these vulnerabilities is available at: http://www.idefense.com/application/poi/display?id=222&type=vulnerabilities&flashstatus=true
NOTE: The address above may not show up on your screen as a single line. This would prevent you from using the link to access the web page. If this happens, just use the 'cut' and 'paste' options to join the pieces of the URL. ------------------------------------------------------------
The 5 viruses most frequently detected by Panda ActiveScan, Panda Software's free online scanner: 1) Netsky.P ; 2) Mhtredir,gen; 3) Sdbot.ftp; 4) Downloader.GK; 5) Shinwow.E.
------------------------------------------------------------ To unsubscribe from Oxygen3 24h-365d, please visit: http://www.pandasoftware.com/unsubscribe.asp
To contact with Panda Software, please visit: http://www.pandasoftware.com/about/contact/ ------------------------------------------------------------
----------------------------------------------------------
To post, send email to [email protected]
To unsubscribe: http://www.dfwcfug.org/form_MemberUnsubscribe.cfm
To subscribe: http://www.dfwcfug.org/form_MemberRegistration.cfm
