http://www.techworld.com/security/news/index.cfm?NewsID=3514 By Matthew Broersma Techworld 19 April 2005 Servers running PHP are vulnerable to a number of serious security exploits, including some which could allow an attacker to execute malicious code, as well as denial-of-service exploits, according to the PHP Group. The project has issued updates [1] fixing the bugs, available from the PHP website and directly from various operating system vendors. "All Users of PHP are strongly encouraged to upgrade to this release," the PHP Group said in its advisory. PHP, an open-source programming language mainly for server-side applications, runs on server operating systems such as Linux, Unix, Mac OS X and Windows. Several of the flaws were discovered in PHP's EXIF module, used to handle the Exchangeable Image file format (EXIF) specification used by digital cameras. A bug in the module's exif_process_IFD_TAG() function could be exploited by a specially crafted "Image File Directory" (IFD) tag to cause a buffer overflow and execute malicious code with the privileges of the PHP server, according to Mandriva, which issued its update [2] on Monday. A second EXIF module bug could lead to an infinite recursion, causing the executed program to crash. Another flaw, first disclosed [3] by iDefense, affects the "php_handle_iff()" and "php_handle_jpeg()" functions and could be exploited by a specially formed image to cause infinite loops and consume all available CPU resources, creating a denial of service. The PHP update fixes a number of other security flaws, mostly less serious, as well as non-security-related bugs. Independent security firm Secunia originally gave the flaws a non-critical ranking, but later changed its rating to "highly critical" [4] as more information came to light, the company said. Updates are being distributed by Debian, Gentoo, Suse and others. [1] http://www.php.net/release_4_3_11.php [2] http://www.mandriva.com/security/advisories?name=MDKSA-2005:072 [3] http://www.idefense.com/application/poi/display?id=222 [4] http://secunia.com/advisories/14792/ _________________________________________ InfoSec News http://www.infosecnews.org
This archive was generated by hypermail 2.1.3 : Wed Apr 20 2005 - 15:28:06 PDT