Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Information-Security-News
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[ISN] PHP falls down security hole

from [InfoSec News] Network Security [Permanent Link]
Subject: [ISN] PHP falls down security hole
Date: Wed, 20 Apr 2005 03:14:12 -0500 (CDT) 
http://www.techworld.com/security/news/index.cfm?NewsID=3514

By Matthew Broersma
Techworld
19 April 2005

Servers running PHP are vulnerable to a number of serious security
exploits, including some which could allow an attacker to execute
malicious code, as well as denial-of-service exploits, according to
the PHP Group.

The project has issued updates [1] fixing the bugs, available from the
PHP website and directly from various operating system vendors. "All
Users of PHP are strongly encouraged to upgrade to this release," the
PHP Group said in its advisory.

PHP, an open-source programming language mainly for server-side
applications, runs on server operating systems such as Linux, Unix,
Mac OS X and Windows.

Several of the flaws were discovered in PHP's EXIF module, used to
handle the Exchangeable Image file format (EXIF) specification used by
digital cameras. A bug in the module's exif_process_IFD_TAG() function
could be exploited by a specially crafted "Image File Directory" (IFD)  
tag to cause a buffer overflow and execute malicious code with the
privileges of the PHP server, according to Mandriva, which issued its
update [2] on Monday.

A second EXIF module bug could lead to an infinite recursion, causing
the executed program to crash.

Another flaw, first disclosed [3] by iDefense, affects the
"php_handle_iff()" and "php_handle_jpeg()" functions and could be
exploited by a specially formed image to cause infinite loops and
consume all available CPU resources, creating a denial of service. The
PHP update fixes a number of other security flaws, mostly less
serious, as well as non-security-related bugs.

Independent security firm Secunia originally gave the flaws a
non-critical ranking, but later changed its rating to "highly
critical" [4] as more information came to light, the company said.

Updates are being distributed by Debian, Gentoo, Suse and others.

[1] http://www.php.net/release_4_3_11.php
[2] http://www.mandriva.com/security/advisories?name=MDKSA-2005:072
[3] http://www.idefense.com/application/poi/display?id=222
[4] http://secunia.com/advisories/14792/



_________________________________________
InfoSec News
http://www.infosecnews.org
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • [ISN] PHP falls down security hole, InfoSec News <=
Previous by Date:  [ISN] Open-Source CVS Project Plugs Security Leaks, InfoSec News
Next by Date:  [ISN] Shoppers' data stolen from DSW shoe stores, InfoSec News
Previous by Thread:  [ISN] Open-Source CVS Project Plugs Security Leaks, InfoSec News
Next by Thread:  [ISN] Shoppers' data stolen from DSW shoe stores, InfoSec News
Indexes:  [Date] [Thread] [Top] [All Lists]