PHP 4.x/5.x Denial of Service and Security Bypass Vulnerabilities
Title : PHP 4.x/5.x Denial of Service and Security Bypass Vulnerabilities
VUPEN ID : VUPEN/ADV-2005-0305
CVE ID : CVE-2005-0524 - CVE-2005-0525
CWE ID : CWE-
Rated as : High Risk
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2005-04-01
Technical Description
Multiple vulnerabilities were identified in PHP, which may be exploited by attackers to conduct denial of service or bypass certain security restrictions.
- The first problem resides in the "swf_openfile()" function and could be exploited to bypass safe mode restrictions. In conjunction with application vulnerabilities, this could potentially allow overwriting arbitrary files.
- The second vulnerability resides in the "php_handle_iff()" and "php_handle_jpeg()" functions (ext/standard/image.c), which are reachable from the PHP function getimagesize() and may be exploited by remote attackers to consume 100% CPU resources on a vulnerable system.
- The third issue is due to an integer overflow error in the "exif_process_IFD_TAG()" function (exif.c), which may be exploited by attackers to execute arbitrary code via an application processing EXIF tags of uploaded images.