From; Panda Oxygen3: "The present contains nothing more than the past, and what is found in the effect was already in the cause." Henri Bergson (1859-1941); French philosopher. - Multiple denial of service vulnerabilities in PHP - Oxygen3 24h-365d, by Panda Software (http://www.pandasoftware.com) MADRID, April 7, 2005 - iDefense has reported multiple denial of service vulnerabilities in the PHP scripting language, which could allow an attacker to crash the system. The problem lies in how the routines php_handle_iff() and php_handle_jpeg() handle the PHP function getimagesize(), which is used to determine the size and dimensions of a large number of image formats, including GIF, JPG, PNG, TIFF, etc. The first flaw lies in the php_handle_iff() function, defined in ext/standard/image.c, and could allow a remote attacker to use up all of the CPU resources, resulting in a denial of service. The second vulnerability is due to insufficient validation of JPEG file headers in the php_handle_jpeg() function, also defined in ext/standard/image.c. This format contains a length field that could be manipulated to cause an infinite loop on copying file data to memory. These vulnerabilities could be exploited by unauthenticated remote users to consume 100 percent of the CPU resources on vulnerable systems. To do this, an attacker can supply a malicious image to the getimagesize() PHP routine. The getimagesize() PHP routine is frequently used when handling user-supplied image uploads, which increases the probability of a success attack. The original security advisory about these vulnerabilities is available at: http://www.idefense.com/application/poi/display?id=222&type=vulnerabilities&flashstatus=true NOTE: The address above may not show up on your screen as a single line. This would prevent you from using the link to access the web page. If this happens, just use the 'cut' and 'paste' options to join the pieces of the URL. ------------------------------------------------------------ The 5 viruses most frequently detected by Panda ActiveScan, Panda Software's free online scanner: 1) Netsky.P ; 2) Mhtredir,gen; 3) Sdbot.ftp; 4) Downloader.GK; 5) Shinwow.E. ------------------------------------------------------------ To contact with Panda Software, please visit: http://www.pandasoftware.com/about/contact/ ------------------------------------------------------------ *********** MIKE"S REPLY SEPARATOR *********** Mike ~ It is a good day if I learned something new. Editor MikesWhatsNews see a sample on my web page http://www3.telus.net/mikebike <mikeswhatsnews-request@xxxxxxxxxxxxx?Subject=subscribe> http://www3.telus.net/mikebike/worm_removal.htm See my Anti-Virus pages http://virusinfo.hackfix.org/index <virusinfo-request@xxxxxxxxxxxxx?Subject=subscribe> A Technical Support Alliance and OWTA Charter Member