[virusinfo] Multiple denial of service vulnerabilities in PHP - 4/07/05

• From: "Mike" <mikebike@xxxxxxxxx>
• To: virusinfo@xxxxxxxxxxxxx
• Date: Fri, 08 Apr 2005 09:39:48 -0700

From; Panda Oxygen3:

"The present contains nothing more than the past,
      and what is found in the effect was already in the cause." 
            Henri Bergson (1859-1941); French philosopher.

      - Multiple denial of service vulnerabilities in PHP -
    Oxygen3 24h-365d, by Panda Software (http://www.pandasoftware.com)

MADRID, April 7, 2005 - iDefense has reported multiple denial of service
vulnerabilities in the PHP scripting language, which could allow an
attacker to crash the system.

The problem lies in how the routines php_handle_iff() and php_handle_jpeg()
handle the PHP function getimagesize(), which is used to determine the size
and dimensions of a large number of image formats, including GIF, JPG, PNG,
TIFF, etc.

The first flaw lies in the php_handle_iff() function, defined in
ext/standard/image.c, and could allow a remote attacker to use up all of
the CPU resources, resulting in a denial of service. 

The second vulnerability is due to insufficient validation of JPEG file
headers in the php_handle_jpeg() function, also defined in
ext/standard/image.c. This format contains a length field that could be
manipulated to cause an infinite loop on copying file data to memory.

These vulnerabilities could be exploited by unauthenticated remote users to
consume 100 percent of the CPU resources on vulnerable systems. To do this,
an attacker can supply a malicious image to the getimagesize() PHP routine.
The getimagesize() PHP routine is frequently used when handling
user-supplied image uploads, which increases the probability of a success
attack.

The original security advisory about these vulnerabilities is available at:
http://www.idefense.com/application/poi/display?id=222&type=vulnerabilities&flashstatus=true

NOTE: The address above may not show up on your screen as a single line.
This would prevent you from using the link to access the web page. If this
happens, just use the 'cut' and 'paste' options to join the pieces of the
URL.
------------------------------------------------------------

The 5 viruses most frequently detected by Panda ActiveScan, Panda
Software's free online scanner: 1) Netsky.P ; 2) Mhtredir,gen; 3)
Sdbot.ftp; 4) Downloader.GK; 5) Shinwow.E. 

------------------------------------------------------------
To contact with Panda Software, please visit:
http://www.pandasoftware.com/about/contact/
------------------------------------------------------------

*********** MIKE"S REPLY SEPARATOR  ***********
Mike ~ It is a good day if I learned something new.
Editor MikesWhatsNews see a sample on my web page
http://www3.telus.net/mikebike
<mikeswhatsnews-request@xxxxxxxxxxxxx?Subject=subscribe>
http://www3.telus.net/mikebike/worm_removal.htm
See my Anti-Virus pages  http://virusinfo.hackfix.org/index
<virusinfo-request@xxxxxxxxxxxxx?Subject=subscribe>
A Technical Support Alliance  and OWTA Charter Member 

Other related posts:

• » [virusinfo] Multiple denial of service vulnerabilities in PHP - 4/07/05

1. Home
2. virusinfo
3. Archive
4. 04-2005

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---