[nycbug-talk] Fwd: [SA14792] PHP Multiple Vulnerabilities

George R. george
Fri Apr 1 13:26:34 EST 2005


It seems like others have jumped on your joke, Bob. . .

Begin forwarded message:

> From: Secunia Security Advisories <sec-adv at secunia.com>
> Date: April 1, 2005 7:51:15 AM EST
> To: george at sddi.net
> Subject: [SA14792] PHP Multiple Vulnerabilities
>
>
> ----------------------------------------------------------------------
>
> TITLE:
> PHP Multiple Vulnerabilities
>
> SECUNIA ADVISORY ID:
> SA14792
>
> VERIFY ADVISORY:
> http://secunia.com/advisories/14792/
>
> CRITICAL:
> Moderately critical
>
> IMPACT:
> Unknown, DoS
>
> WHERE:
> From remote
>
> SOFTWARE:
> PHP 5.0.x
> http://secunia.com/product/3919/
> PHP 4.3.x
> http://secunia.com/product/922/
> PHP 4.2.x
> http://secunia.com/product/105/
>
> DESCRIPTION:
> Multiple vulnerabilities have been reported in PHP, where some have
> an unknown impact and others can be exploited by malicious people to
> cause a DoS (Denial of Service).
>
> 1) Errors within the "php_handle_iff()" and "php_handle_jpeg()"
> functions called by the "getimagesize()" PHP function can be
> exploited to cause infinite loops and consume all available CPU
> resources via a specially crafted image.
>
> This has been reported in versions 4.2.2, 4.3.9, 4.3.10, and 5.0.3.
> Other versions may also be affected.
>
> 2) Multiple unspecified security issues exist in the exif and fbsql
> extensions and in the "unserialize()" and "swf_definepoly()" PHP
> functions.
>
> Other bugs have also been reported where some may be security
> related.
>
> SOLUTION:
> Update to version 4.3.11 or 5.0.4.
> http://www.php.net/downloads.php
>
> PROVIDED AND/OR DISCOVERED BY:
> 1) Discovered by anonymous person and reported via iDEFENSE.
> 2) Reported by vendor.
>
> ORIGINAL ADVISORY:
> The PHP Group:
> http://www.php.net/release_4_3_11.php
>
> iDEFENSE:
> http://www.idefense.com/application/poi/display?id=222&type=vulnerabilities
>




