Executive Summary
Summary | |
---|---|
Title | PHP security update |
Information | |||
---|---|---|---|
Name | RHSA-2005:405 | First vendor Publication | 2005-04-28 |
Vendor | RedHat | Last vendor Modification | 2005-04-28 |
Severity (Vendor) | Moderate | Revision | 01 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 7.5 | Attack Range | Network |
Cvss Impact Score | 6.4 | Attack Complexity | Low |
Cvss Exploit Score | 10 | Authentication | None Required |
Detail
Problem Description: Updated PHP packages that fix various security issues are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64

3. Problem description:

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Web server.

A bug was found in the way PHP processes IFF and JPEG images. It is possible to cause PHP to consume CPU resources for a short period of time by supplying a carefully crafted IFF or JPEG image. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CAN-2005-0524 and CAN-2005-0525 to these issues.

A buffer overflow bug was also found in the way PHP processes EXIF image headers. It is possible for an attacker to construct an image file in such a way that it could execute arbitrary instructions when processed by PHP. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-1042 to this issue.

A denial of service bug was found in the way PHP processes EXIF image headers. It is possible for an attacker to cause PHP to enter an infinite loop for a short period of time by supplying a carefully crafted image file.

Several bug fixes are also included in this update:

- The security fixes in RHSA-2004-687 to the "unserializer" code introduced some performance issues.
- In the gd extension, the "imagecopymerge" function did not correctly handle transparency. The original image was being obscured in the resultant image.
- In the curl extension, safe mode was not enforced for 'file:///' URL lookups (CAN-2004-1392).

Users of PHP should upgrade to these updated packages, which contain backported fixes for these issues.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied. Use Red Hat Network to download and update your packages. To launch the Red Hat Update Agent, use the following command:

    up2date

For information on how to install packages manually, refer to the following Web page for the System Administration or Customization guide specific to your system: http://www.redhat.com/docs/manuals/enterprise/

5. Bug IDs fixed (http://bugzilla.redhat.com/):

145436 - PHP pages slow, HTTPD eating cpu
147808 - php curl open_basedir bypass
149873 - make PHP oci8 driver support Oracle Instant Client RPM
149946 - PHP GD ImageCopyMerge broken
153140 - CAN-2005-0524 PHP getimagesize() Multiple Denial of Service Vulnerabilities CAN-2005-0525
154021 - CAN-2005-1042 PHP exif buffer overflow
154025 - CAN-2005-1043 PHP exif infinite stack recursion
Original Source
Url : https://rhn.redhat.com/errata/RHSA-2005-405.html |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:11703 | |||
Oval ID: | oval:org.mitre.oval:def:11703 | ||
Title: | The php_next_marker function in image.c for PHP 4.2.2, 4.3.9, 4.3.10 and 5.0.3, as reachable by the getimagesize PHP function, allows remote attackers to cause a denial of service (infinite loop) via a JPEG image with an invalid marker value, which causes a negative length value to be passed to php_stream_seek. | ||
Description: | The php_next_marker function in image.c for PHP 4.2.2, 4.3.9, 4.3.10 and 5.0.3, as reachable by the getimagesize PHP function, allows remote attackers to cause a denial of service (infinite loop) via a JPEG image with an invalid marker value, which causes a negative length value to be passed to php_stream_seek. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2005-0525 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 | Product(s): | |
Definition Id: oval:org.mitre.oval:def:9310 | |||
Oval ID: | oval:org.mitre.oval:def:9310 | ||
Title: | The php_handle_iff function in image.c for PHP 4.2.2, 4.3.9, 4.3.10 and 5.0.3, as reachable by the getimagesize PHP function, allows remote attackers to cause a denial of service (infinite loop) via a -8 size value. | ||
Description: | The php_handle_iff function in image.c for PHP 4.2.2, 4.3.9, 4.3.10 and 5.0.3, as reachable by the getimagesize PHP function, allows remote attackers to cause a denial of service (infinite loop) via a -8 size value. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2005-0524 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 | Product(s): | |
OpenVAS Exploits
Date | Description |
---|---|
2009-11-17 | Name : Mac OS X Version File : nvt/macosx_version.nasl |
2009-10-10 | Name : SLES9: Security update for PHP4 File : nvt/sles9p5015816.nasl |
2009-10-10 | Name : SLES9: Security update for PHP4 File : nvt/sles9p5019075.nasl |
2009-10-10 | Name : SLES9: Security update for PHP4 File : nvt/sles9p5021505.nasl |
2009-10-10 | Name : SLES9: Security update for PHP4 File : nvt/sles9p5021688.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200504-15 (PHP) File : nvt/glsa_200504_15.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 708-1 (php3) File : nvt/deb_708_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 729-1 (php4) File : nvt/deb_729_1.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
15630 | PHP EXIF Header Large IFD Nesting Level DoS PHP contains a flaw that may allow a remote attacker to cause a denial of service. The issue is due to functions in exif.c not properly sanitizing user-supplied input. By passing a crafted EXIF header with a large IFD nesting level, an attacker can cause stack recursion leading to memory consumption and eventually the application crashing. |
15629 | PHP exif.c exif_process_IFD_TAG Function IDF Tag Handling Overflow PHP contains a flaw that may allow a remote attacker to gain elevated privileges. The issue is due to the exif_process_IFD_TAG function in exif.c not properly sanitizing user-supplied input. By supplying a crafted IFD tag, an attacker can trigger an overflow and execute arbitrary code. |
15184 | PHP image.c php_next_marker Function JPEG Processing DoS PHP contains a flaw that may allow a remote attacker to cause a denial of service. The issue is due to the php_next_marker function in image.c, as reachable by the getimagesize PHP function, not properly sanitizing user-supplied input. By supplying a negative length value to the php_stream_seek, an attacker can cause an infinite loop and exhaust system resources. |
15183 | PHP getimagesize() php_handle_iff() Function DoS PHP contains a flaw that may allow a remote attacker to cause a denial of service. The issue is due to the php_handle_iff function in image.c, as reachable by the getimagesize PHP function, not properly sanitizing user-supplied input. By passing a malformed value to this function, an attacker can cause an infinite loop and exhaust all system resources. |
11196 | PHP cURL open_basedir Arbitrary File Access PHP contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when CURL functions fail to comply with the open_basedir directive which is designed to restrict PHP scripts to open_basedir. This flaw may lead to a loss of confidentiality. |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2007-01-08 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2005-406.nasl - Type : ACT_GATHER_INFO |
2006-07-03 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2005-405.nasl - Type : ACT_GATHER_INFO |
2006-01-15 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-105-1.nasl - Type : ACT_GATHER_INFO |
2006-01-15 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-112-1.nasl - Type : ACT_GATHER_INFO |
2005-09-12 | Name : The remote Fedora Core host is missing a security update. File : fedora_2005-315.nasl - Type : ACT_GATHER_INFO |
2005-06-17 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-729.nasl - Type : ACT_GATHER_INFO |
2005-06-08 | Name : The remote host is missing a Mac OS X update that fixes a security issue. File : macosx_SecUpd2005-006.nasl - Type : ACT_GATHER_INFO |
2005-05-04 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2005-406.nasl - Type : ACT_GATHER_INFO |
2005-04-29 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2005-405.nasl - Type : ACT_GATHER_INFO |
2005-04-19 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2005-072.nasl - Type : ACT_GATHER_INFO |
2005-04-18 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200504-15.nasl - Type : ACT_GATHER_INFO |
2005-04-15 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-708.nasl - Type : ACT_GATHER_INFO |
2005-04-15 | Name : The remote host is missing a vendor-supplied security patch File : suse_SA_2005_023.nasl - Type : ACT_GATHER_INFO |
2005-04-02 | Name : The remote web server is prone to denial of service attacks. File : php_image_file_dos.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Information |
---|---|
2014-02-17 11:49:20 | |
2013-05-11 12:23:02 | |