CVE-2005-0524
CVSS 5.0
Published: 2005-05-02 00:00:00
Revised: 2011-03-07 21:20:11

[Original] The php_handle_iff function in image.c for PHP 4.2.2, 4.3.9, 4.3.10 and 5.0.3, as reachable by the getimagesize PHP function, allows remote attackers to cause a denial of service (infinite loop) via a -8 size value.


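[CNNVD] PHP Group PHP Image File Format Remote Denial of Service Vulnerability (CNNVD-200505-587)

        PHP is a widely used general-purpose scripting language that can be embedded in HTML.
        A remote denial of service vulnerability exists in PHP Group PHP because the application fails to properly handle maliciously crafted Image Format File (IFF) image files.

- CVSS (base score)

CVSS score: 5 [MEDIUM]
Confidentiality impact: NONE [no impact on the confidentiality of the system]
Integrity impact: NONE [no impact on the integrity of the system]
Availability impact: PARTIAL [may cause reduced performance or interrupted access to resources]
Attack complexity: LOW [no access restrictions on exploitation]
Attack vector: [--]
Authentication: NONE [exploitation requires no authentication]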

- CPE (affected platforms and products)

cpe:/a:php:php:4.2.2    PHP PHP 4.2.2
cpe:/a:php:php:4.3.9    PHP PHP 4.3.9
cpe:/a:php:php:4.3.10   PHP PHP 4.3.10
cpe:/a:php:php:5.0.3    PHP PHP 5.0.3

- OVAL (technical details for detection)

oval:org.mitre.oval:def:9310    The php_handle_iff function in image.c for PHP 4.2.2, 4.3.9, 4.3.10 and 5.0.3, as reachable by the getimagesize PHP function, allows remote ...
*OVAL describes in detail how to detect this vulnerability; more technical detail on detection is available in the related OVAL definition.

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0524
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-0524
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200505-587
(Official data source) CNNVD

- Other links and resources

http://www.securityfocus.com/archive/1/394797
(VENDOR_ADVISORY)  IDEFENSE  20050331 PHP getimagesize() Multiple Denial of Service Vulnerabilities
http://securitytracker.com/id?1013619
(PATCH)  SECTRACK  1013619
http://secunia.com/advisories/14792
(PATCH)  SECUNIA  14792
http://xforce.iss.net/xforce/xfdb/19920
(UNKNOWN)  XF  php-phphandleiff-dos(19920)
http://www.vupen.com/english/advisories/2005/0305
(UNKNOWN)  VUPEN  ADV-2005-0305
http://www.redhat.com/support/errata/RHSA-2005-406.html
(UNKNOWN)  REDHAT  RHSA-2005:406
http://www.redhat.com/support/errata/RHSA-2005-405.html
(UNKNOWN)  REDHAT  RHSA-2005:405
http://www.gentoo.org/security/en/glsa/glsa-200504-15.xml
(UNKNOWN)  GENTOO  GLSA-200504-15
http://lists.apple.com/archives/security-announce/2005/Jun/msg00000.html
(UNKNOWN)  APPLE  APPLE-SA-2005-06-08
http://www.osvdb.org/15183
(UNKNOWN)  OSVDB  15183
http://www.mandriva.com/security/advisories?name=MDKSA-2005:072
(UNKNOWN)  MANDRAKE  MDKSA-2005:072

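- Vulnerability information

PHP Group PHP Image File Format Remote Denial of Service Vulnerability
Medium risk / Other
2005-05-02 00:00:00 2005-10-20 00:00:00
Remote
        PHP is a widely used general-purpose scripting language that can be embedded in HTML.
        A remote denial of service vulnerability exists in PHP Group PHP because the application fails to properly handle maliciously crafted Image Format File (IFF) image files.

- Advisories and patches

        The vendor has released an upgrade that fixes this security issue; download it from the vendor's site:
        www.php.net/distributions/php-5.0.4.tar.gz
        www.php.net/distributions/php-5.0.4.tar.bz2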

- Vulnerability information (F36935)

iDEFENSE Security Advisory 2005-03-31.t (PacketStormID:F36935)
2005-04-14 00:00:00
iDefense Labs  idefense.com
advisory,remote,denial of service,php,vulnerability
CVE-2005-0524,CVE-2005-0525

iDEFENSE Security Advisory 03.31.05 - Remote exploitation of multiple denial of service vulnerabilities in the PHP Group's PHP scripting language allows attackers to consume CPU resources. The vulnerable routines, php_handle_iff() and php_handle_jpeg(), are reachable from the PHP function getimagesize(). iDEFENSE has confirmed the existence of these vulnerabilities in PHP versions 4.2.2, 4.3.9, 4.3.10 and 5.0.3.

PHP getimagesize() Multiple Denial of Service Vulnerabilities

iDEFENSE Security Advisory 03.31.05
www.idefense.com/application/poi/display?id=222&type=vulnerabilities
March 31, 2005

I. BACKGROUND

PHP is a widely-used general-purpose scripting language that is
especially suited for Web development and can be embedded into HTML.
More information is available at:

   http://www.php.net

II. DESCRIPTION

Remote exploitation of multiple denial of service vulnerabilities in 
the PHP Group's PHP scripting language allows attackers to consume CPU 
resources. The vulnerable routines, php_handle_iff() and 
php_handle_jpeg(), are reachable from the PHP function getimagesize(), 
which is defined as follows:

    array getimagesize ( string filename [, array &imageinfo] )

The getimagesize() routine is used to determine the size and dimensions
of multiple image formats, including GIF, JPG, PNG, TIFF, etc.

ISSUE 1 - php_handle_iff() Denial of Service

Remote exploitation of a denial of service (DoS) condition in the PHP
Group's PHP scripting language allows attackers to consume CPU
resources.

The problem specifically exists within the function php_handle_iff()
defined in ext/standard/image.c. The vulnerability is demonstrated in
the following excerpt:

    static struct gfxinfo *php_handle_iff(php_stream * stream TSRMLS_DC)
    {
    ...
        /* loop chunks to find BMHD chunk */
        do {
    [1]     if (php_stream_read(stream, a, 8) != 8) {
                efree(result);
                return NULL;
            }
            chunkId = php_ifd_get32s(a+0, 1);
    [2]     size    = php_ifd_get32s(a+4, 1);
            if ((size & 1) == 1) {
                size++;
            }
            if (chunkId == 0x424d4844) { /* BMHD chunk */
                ...
            ...
            } else {
    [3]         if (php_stream_seek(stream, size, SEEK_CUR)) {
                    efree(result);
                    return NULL;
                }
            }
        } while (1);
    }

In the excerpt above, at line [1], 8 bytes are read from the user-
supplied file stream. At line [2], the variables 'chunkId' and 'size'
are set to user-supplied values from the file stream. If the variable
'size' is set to -8, then on line [3] the current position within the
file stream is moved back 8 bytes, resulting in an infinite loop. 
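
The chunk loop described above, modelled over an in-memory buffer as an added example (not code from the advisory or from PHP). With `guarded = 0` it follows the excerpt's seek at [3]; with `guarded = 1` it applies one possible size check, which is not PHP's actual patch. The sample buffers, `MAX_ITER`, the 12-byte FORM header offset and all function names are assumptions made for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define IFF_BMHD 0x424d4844u /* chunk id tested in the excerpt ("BMHD") */
#define MAX_ITER 1000        /* cap so the unguarded model terminates (assumption) */

enum walk_result { FOUND_BMHD, TRUNCATED, BAD_SIZE, NO_PROGRESS };

/* Constructed sample: FORM header, then one non-BMHD chunk whose size is -8. */
static const unsigned char bad_iff[20] = {
    'F','O','R','M', 0,0,0,12, 'I','L','B','M',
    'A','N','N','O', 0xff,0xff,0xff,0xf8 };

/* Constructed sample: a 3-byte ANNO chunk (padded to 4), then a BMHD header. */
static const unsigned char good_iff[32] = {
    'F','O','R','M', 0,0,0,24, 'I','L','B','M',
    'A','N','N','O', 0,0,0,3, 'h','i','!',0,
    'B','M','H','D', 0,0,0,20 };

/* Big-endian signed 32-bit read, the role php_ifd_get32s(p, 1) plays above. */
static int32_t get32s_be(const unsigned char *p)
{
    uint32_t v = ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
                 ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
    return (int32_t)v;
}

/* Walk the chunks that follow the 12-byte FORM header.
 * guarded == 0 models the excerpt's unconditional seek at [3];
 * guarded == 1 refuses a negative size or one that runs past the data. */
static enum walk_result walk_chunks(const unsigned char *buf, size_t len, int guarded)
{
    int64_t pos = 12;
    for (int i = 0; i < MAX_ITER; i++) {
        if (pos < 0 || (uint64_t)pos + 8 > len)
            return TRUNCATED;                      /* [1]: short read */
        uint32_t id = (uint32_t)get32s_be(buf + pos);
        int64_t size = get32s_be(buf + pos + 4);   /* [2]: taken from the file */
        pos += 8;
        if ((size & 1) == 1)
            size++;                                /* odd sizes are rounded up */
        if (id == IFF_BMHD)
            return FOUND_BMHD;
        if (guarded && (size < 0 || (uint64_t)size > len - (uint64_t)pos))
            return BAD_SIZE;
        pos += size;                               /* [3]: SEEK_CUR by size */
    }
    return NO_PROGRESS;                            /* cap reached: loop never ends */
}

int main(void)
{
    printf("unguarded, size=-8: %d\n", walk_chunks(bad_iff, sizeof bad_iff, 0));
    printf("guarded,   size=-8: %d\n", walk_chunks(bad_iff, sizeof bad_iff, 1));
    printf("guarded,   valid:   %d\n", walk_chunks(good_iff, sizeof good_iff, 1));
    return 0;
}
```
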

ISSUE 2 - php_handle_jpeg() Denial of Service 

Local exploitation of an input validation vulnerability in The PHP 
Group's PHP embedded scripting language allows attackers to consume CPU 
resources. The vulnerability specifically exists due to insufficient 
validation of JPEG image file headers in the php_handle_jpeg() 
function. The JPEG file header contains a file length field which may 
be manipulated to cause an infinite loop in the copying of file data to 
memory as shown below from ext/standard/image.c:

    static struct gfxinfo *
    php_handle_jpeg (php_stream * stream, pval *info TSRMLS_DC)
    {
        struct gfxinfo *result = NULL;
        unsigned int marker = M_PSEUDO;
        unsigned short length, ff_read=1;
    
        for (;;) {
    [1]     marker = php_next_marker(stream, marker, 1, ff_read TSRMLS_CC);
            ff_read = 0;
            switch (marker) {
                ...
                default:
    [2]             php_skip_variable(stream TSRMLS_CC);
                    break;
            }
        }
    
        return result; /* perhaps image broken -> no info but size */
    }
    
    static void php_skip_variable(php_stream * stream TSRMLS_DC)
    {
    [3] off_t length = ((unsigned int)php_read2(stream TSRMLS_CC));
    
        length = length-2;
        if (length)
        {
    [4]     php_stream_seek(stream, (long)length, SEEK_CUR);
        }
    }

The php_next_marker() call [1] reads the next byte in the stream to 
determine handling of the associated data. If given an invalid marker 
value, the case statement executes the default block which calls the 
php_skip_variable() function [2]. The php_read2() call [3] will return 
0 bytes if the file stream has reached its end, so the pointer math 
causes a length value of -2 in the php_stream_seek() call [4]. This 
results in an infinite loop as the stream now points to the last two 
bytes of the file when the pointer is returned to the for loop in 
php_handle_jpeg().
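
The end-of-file case described above, as an added example (not code from the advisory or from PHP): a simplified marker loop over an in-memory stream, run once with the unchecked skip from the excerpt and once with a guarded variant. `struct mstream`, `read2`, `parse_markers`, the sample bytes and `MAX_ITER` are assumptions for illustration, and the model treats every marker as taking the default branch.

```c
#include <stdio.h>

#define MAX_ITER 1000 /* cap so the unguarded model terminates (assumption) */

struct mstream { const unsigned char *buf; long len; long pos; }; /* hypothetical php_stream stand-in */

/* Constructed sample: one segment (FF E0, length 4, 2 data bytes), then a
 * marker (FF F0) with no length field because the file ends there. */
static const unsigned char cut_jpeg[8] = { 0xff,0xe0, 0x00,0x04, 'A','B', 0xff,0xf0 };

/* Models php_read2() as the advisory describes it: a big-endian 16-bit
 * value, or 0 when the stream is at its end. *ok reports which case. */
static unsigned int read2(struct mstream *s, int *ok)
{
    if (s->len - s->pos < 2) { *ok = 0; return 0; }
    unsigned int v = ((unsigned int)s->buf[s->pos] << 8) | s->buf[s->pos + 1];
    s->pos += 2;
    *ok = 1;
    return v;
}

/* Steps [3] and [4] of the excerpt: the read result is not checked. */
static void skip_variable_unchecked(struct mstream *s)
{
    int ok;
    long length = (long)read2(s, &ok) - 2;
    if (length)
        s->pos += length;            /* SEEK_CUR; -2 when read2() hit EOF */
}

/* Guarded variant: 0 on success, -1 for an unreadable or impossible length. */
static int skip_variable_checked(struct mstream *s)
{
    int ok;
    long length = (long)read2(s, &ok);
    if (!ok || length < 2 || length - 2 > s->len - s->pos)
        return -1;
    s->pos += length - 2;
    return 0;
}

/* Simplified marker loop: every marker is 2 bytes and takes the default
 * branch [2]. Returns iterations used; MAX_ITER + 1 means it never stopped. */
static int parse_markers(const unsigned char *buf, long len, int guarded)
{
    struct mstream s = { buf, len, 0 };
    for (int i = 1; i <= MAX_ITER; i++) {
        if (s.len - s.pos < 2)
            return i;                /* no marker left: clean stop */
        s.pos += 2;                  /* consume 0xFF + marker code */
        if (!guarded)
            skip_variable_unchecked(&s);
        else if (skip_variable_checked(&s) < 0)
            return i;                /* malformed segment: stop parsing */
    }
    return MAX_ITER + 1;
}

int main(void)
{
    printf("unchecked=%d checked=%d\n", parse_markers(cut_jpeg, 8, 0), parse_markers(cut_jpeg, 8, 1));
    return 0;
}
```
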

III. ANALYSIS

Exploitation of either vulnerability could allow unauthenticated remote 
attackers to consume 100% CPU resources on vulnerable systems. 
Exploitation requires that an attacker supply a malicious image to the 
getimagesize() PHP routine. The getimagesize() routine is frequently 
used when handling user-supplied image uploads, which increases the 
feasibility of remote exploitation.

IV. DETECTION

iDEFENSE has confirmed the existence of these vulnerabilities in PHP
versions 4.2.2, 4.3.9, 4.3.10 and 5.0.3.

V. WORKAROUND

iDEFENSE is currently unaware of any workaround for this issue.

VI. VENDOR RESPONSE

These vulnerabilities are addressed in PHP 5.0.4 which is available for
download at:

   www.php.net/distributions/php-5.0.4.tar.gz
   www.php.net/distributions/php-5.0.4.tar.bz2

VII. CVE INFORMATION

The Common Vulnerabilities and Exposures (CVE) project has assigned the
following names to these issues:

CAN-2005-0524 - php_handle_iff()
CAN-2005-0525 - php_handle_jpeg()

These are candidates for inclusion in the CVE list
(http://cve.mitre.org), which standardizes names for security problems.

VIII. DISCLOSURE TIMELINE

02/23/2005      Initial vendor notification
02/23/2005      Initial vendor response
03/31/2005      Coordinated public disclosure

IX. CREDIT

The discoverer of these issues wishes to remain anonymous.


X. LEGAL NOTICES

Copyright (c) 2005 iDEFENSE, Inc.

Permission is granted for the redistribution of this alert
electronically. It may not be edited in any way without the express
written consent of iDEFENSE. If you wish to reprint the whole or any
part of this alert in any other medium other than electronically, please
email customerservice@idefense.com for permission.

Disclaimer: The information in the advisory is believed to be accurate
at the time of publishing based on currently available information. Use
of the information constitutes acceptance for use in an AS IS condition.

There are no warranties with regard to this information. Neither the
author nor the publisher accepts any liability for any direct, indirect,
or consequential loss or damage arising from use of, or reliance on,
this information.
    

- Vulnerability information

15183
PHP getimagesize() php_handle_iff() Function DoS
Remote / Network Access Denial of Service, Input Manipulation
Loss of Availability
Vendor Verified

- Vulnerability description

PHP contains a flaw that may allow a remote attacker to cause a denial of service. The issue is due to the php_handle_iff function in image.c, as reachable by the getimagesize PHP function, not properly sanitizing user-supplied input. By passing a malformed value to this function, an attacker can cause an infinite loop and exhaust all system resources.

- Timeline

2005-03-31 2005-02-23
Unknown Unknown

- Solution

Upgrade to version 4.3.11, 5.0.4 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

- Vulnerability information

PHP Group PHP Image File Format Remote Denial Of Service Vulnerability
Failure to Handle Exceptional Conditions 12962
Yes No
2005-04-01 12:00:00 2009-07-12 11:56:00
The discoverer of these issues wishes to remain anonymous; iDEFENSE is responsible for their disclosure.

- Affected software versions

Ubuntu Ubuntu Linux 4.1 ppc
Ubuntu Ubuntu Linux 4.1 ia64
Ubuntu Ubuntu Linux 4.1 ia32
SuSE SUSE Linux Enterprise Server 8
+ Linux kernel 2.4.21
+ Linux kernel 2.4.19
Slackware Linux 10.1
Slackware Linux 10.0
Slackware Linux 9.1
Slackware Linux 9.0
Slackware Linux 8.1
Slackware Linux -current
SGI ProPack 3.0
S.u.S.E. Linux Personal 9.3
S.u.S.E. Linux Personal 9.2 x86_64
S.u.S.E. Linux Personal 9.2
S.u.S.E. Linux Personal 9.1 x86_64
S.u.S.E. Linux Personal 9.1
S.u.S.E. Linux Personal 9.0 x86_64
S.u.S.E. Linux Personal 9.0
S.u.S.E. Linux Personal 8.2
S.u.S.E. Linux Enterprise Server 9
RedHat Linux 9.0 i386
RedHat Linux 7.3 i686
RedHat Linux 7.3 i386
RedHat Linux 7.3
Red Hat Fedora Core2
Red Hat Fedora Core1
PHP PHP 5.0.3
+ Trustix Secure Linux 2.2
PHP PHP 5.0.2
PHP PHP 5.0.1
PHP PHP 5.0 candidate 3
PHP PHP 5.0 candidate 2
PHP PHP 5.0 candidate 1
PHP PHP 5.0 .0
PHP PHP 4.3.10
+ Gentoo Linux
+ Red Hat Fedora Core3
+ Trustix Secure Enterprise Linux 2.0
+ Trustix Secure Linux 2.2
+ Trustix Secure Linux 2.1
+ Trustix Secure Linux 2.0
+ Trustix Secure Linux 1.5
PHP PHP 4.3.9
PHP PHP 4.3.8
+ Mandriva Linux Mandrake 10.1 x86_64
+ Mandriva Linux Mandrake 10.1
+ S.u.S.E. Linux Personal 9.2
+ Turbolinux Turbolinux Server 10.0
+ Ubuntu Ubuntu Linux 4.1 ppc
+ Ubuntu Ubuntu Linux 4.1 ia64
+ Ubuntu Ubuntu Linux 4.1 ia32
PHP PHP 4.3.7
PHP PHP 4.3.6
PHP PHP 4.3.5
PHP PHP 4.3.4
+ MandrakeSoft Corporate Server 3.0 x86_64
+ MandrakeSoft Corporate Server 3.0
+ Mandriva Linux Mandrake 10.0 AMD64
+ Mandriva Linux Mandrake 10.0
+ S.u.S.E. Linux Personal 9.1
PHP PHP 4.3.3
+ S.u.S.E. Linux Personal 9.0 x86_64
+ S.u.S.E. Linux Personal 9.0
+ Turbolinux Home
+ Turbolinux Turbolinux 10 F...
+ Turbolinux Turbolinux Desktop 10.0
PHP PHP 4.3.2
PHP PHP 4.3.1
+ Mandriva Linux Mandrake 9.1 ppc
+ Mandriva Linux Mandrake 9.1
+ OpenPKG OpenPKG Current
+ S.u.S.E. Linux Personal 8.2
PHP PHP 4.3
PHP PHP 4.2.3
+ EnGarde Secure Linux 1.0.1
+ MandrakeSoft Corporate Server 2.1 x86_64
+ MandrakeSoft Corporate Server 2.1
+ Mandriva Linux Mandrake 9.0
+ Turbolinux Turbolinux Server 8.0
+ Turbolinux Turbolinux Server 7.0
+ Turbolinux Turbolinux Workstation 8.0
+ Turbolinux Turbolinux Workstation 7.0
PHP PHP 4.2.2
+ Gentoo Linux 1.4 _rc1
+ Gentoo Linux 1.2
+ OpenPKG OpenPKG 1.1
+ RedHat Linux 8.0 i386
+ RedHat Linux 8.0
+ S.u.S.E. Linux 8.1
PHP PHP 4.2.1
- FreeBSD FreeBSD 4.6
- FreeBSD FreeBSD 4.5
- FreeBSD FreeBSD 4.4
- FreeBSD FreeBSD 4.3
+ Slackware Linux 8.1
PHP PHP 4.2 .0
PHP PHP 4.2 -dev
PHP PHP 4.1.2
+ Apple Mac OS X 10.1.5
+ Apple Mac OS X 10.1.4
+ Apple Mac OS X 10.1.3
+ Apple Mac OS X 10.1.2
+ Apple Mac OS X 10.1.1
+ Apple Mac OS X 10.1
+ Apple Mac OS X 10.1
+ Apple Mac OS X 10.0.4
+ Apple Mac OS X 10.0.3
+ Apple Mac OS X 10.0.2
+ Apple Mac OS X 10.0.1
+ Apple Mac OS X 10.0
+ Debian Linux 3.0 sparc
+ Debian Linux 3.0 s/390
+ Debian Linux 3.0 ppc
+ Debian Linux 3.0 mipsel
+ Debian Linux 3.0 mips
+ Debian Linux 3.0 m68k
+ Debian Linux 3.0 ia-64
+ Debian Linux 3.0 ia-32
+ Debian Linux 3.0 hppa
+ Debian Linux 3.0 arm
+ Debian Linux 3.0 alpha
+ MandrakeSoft Multi Network Firewall 2.0
+ MandrakeSoft Single Network Firewall 7.2
+ Mandriva Linux Mandrake 8.2 ppc
+ Mandriva Linux Mandrake 8.2
PHP PHP 4.1.1
+ Conectiva Linux 7.0
PHP PHP 4.1 .0
+ S.u.S.E. Linux 8.0 i386
+ S.u.S.E. Linux 8.0
PHP PHP 4.0.7 RC3
PHP PHP 4.0.7 RC2
PHP PHP 4.0.7 RC1
PHP PHP 4.0.7
PHP PHP 4.0.6
+ Caldera OpenLinux Server 3.1.1
+ Caldera OpenLinux Server 3.1
+ Caldera OpenLinux Workstation 3.1.1
+ Caldera OpenLinux Workstation 3.1
+ HP Secure OS software for Linux 1.0
- IBM AIX 4.3.3
- IBM AIX 4.3.2
- IBM AIX 4.3.1
- IBM AIX 4.3
- IBM AIX 5.1
+ MandrakeSoft Corporate Server 1.0.1
+ Mandriva Linux Mandrake 8.1 ia64
+ Mandriva Linux Mandrake 8.1
+ Mandriva Linux Mandrake 8.0 ppc
+ Mandriva Linux Mandrake 8.0
+ Mandriva Linux Mandrake 7.2
+ Mandriva Linux Mandrake 7.1
+ RedHat Linux 7.2 ia64
+ RedHat Linux 7.2 i386
+ RedHat Linux 7.2
+ RedHat Linux 7.1 ia64
+ RedHat Linux 7.1 i386
+ RedHat Linux 7.1 alpha
+ RedHat Linux 7.1
+ RedHat Linux 7.0 i386
+ RedHat Linux 7.0 alpha
+ RedHat Linux 7.0
+ S.u.S.E. Linux 7.3 sparc
+ S.u.S.E. Linux 7.3 ppc
+ S.u.S.E. Linux 7.3 i386
+ S.u.S.E. Linux 7.3
+ S.u.S.E. Linux 7.2 i386
+ S.u.S.E. Linux 7.2
+ Sun Cobalt RaQ 550
+ Sun LX50
+ Trustix Secure Linux 1.5
PHP PHP 4.0.5
PHP PHP 4.0.4
+ Compaq Compaq Secure Web Server PHP 1.0
+ Conectiva Linux 6.0
+ Guardian Digital Engarde Secure Linux 1.0.1
+ S.u.S.E. Linux 7.2
+ S.u.S.E. Linux 7.1 x86
+ S.u.S.E. Linux 7.1 sparc
+ S.u.S.E. Linux 7.1 ppc
+ S.u.S.E. Linux 7.1 alpha
+ S.u.S.E. Linux 7.1
+ S.u.S.E. Linux 7.0 sparc
+ S.u.S.E. Linux 7.0 ppc
+ S.u.S.E. Linux 7.0 i386
+ S.u.S.E. Linux 7.0 alpha
+ S.u.S.E. Linux 7.0
PHP PHP 4.0.3 pl1
+ S.u.S.E. Linux 6.4 ppc
+ S.u.S.E. Linux 6.4 i386
+ S.u.S.E. Linux 6.4 alpha
+ S.u.S.E. Linux 6.4
PHP PHP 4.0.3
+ Debian Linux 2.2 sparc
+ Debian Linux 2.2 powerpc
+ Debian Linux 2.2 IA-32
+ Debian Linux 2.2 arm
+ Debian Linux 2.2 alpha
+ Debian Linux 2.2 68k
+ Debian Linux 2.2
+ Sun Cobalt Control Station 4100CS
+ Sun Cobalt Qube3 Japanese 4000WGJ
+ Sun Cobalt Qube3 Japanese w/ Caching and RAID 4100WGJ
+ Sun Cobalt Qube3 Japanese w/Caching 4010WGJ
+ Sun Cobalt RaQ XTR 3500R
+ Sun Cobalt RaQ XTR Japanese 3500R-ja
PHP PHP 4.0.2
PHP PHP 4.0.1 pl2
PHP PHP 4.0.1 pl1
PHP PHP 4.0.1
+ Sun Cobalt Qube3 4000WG
+ Sun Cobalt Qube3 w/ Caching and RAID 4100WG
+ Sun Cobalt Qube3 w/Caching 4010WG
+ Sun Cobalt RaQ4 3001R
+ Sun Cobalt RaQ4 Japanese RAID 3100R-ja
+ Sun Cobalt RaQ4 RAID 3100R
PHP PHP 4.0 0
Peachtree Linux release 1
Conectiva Linux 10.0
Conectiva Linux 9.0
Avaya S8710 R2.0.1
Avaya S8710 R2.0.0
Avaya S8700 R2.0.1
Avaya S8700 R2.0.0
Avaya S8500 R2.0.1
Avaya S8500 R2.0.0
Avaya S8300 R2.0.1
Avaya S8300 R2.0.0
Avaya Modular Messaging (MSS) 2.0
Avaya Modular Messaging (MSS) 1.1
Avaya MN100
Avaya Intuity LX
Avaya Converged Communications Server 2.0
Apple Mac OS X Server 10.4.1
Apple Mac OS X Server 10.4
Apple Mac OS X Server 10.3.9
Apple Mac OS X 10.4.1
Apple Mac OS X 10.4
Apple Mac OS X 10.3.9
PHP PHP 5.0.4
PHP PHP 4.3.11

- Unaffected software versions

PHP PHP 5.0.4
PHP PHP 4.3.11

- Vulnerability discussion

A remote denial of service vulnerability affects PHP Group PHP. This issue is due to a failure of the application to properly handle maliciously formed Image Format File (IFF) image files.

It should be noted that this vulnerability can only be exploited remotely if a Web based PHP application is implemented that allows user-supplied images to be processed by the 'getimagesize()' function. The 'getimagesize()' is commonly implemented in PHP Web applications that allow for the display of images.

An attacker may leverage this issue to cause the affected script interpreter to consume excessive processing resources on an affected computer, leading to a denial of service condition.

- Exploit

No exploit is required to leverage this issue.

- Solution

The vendor has released an upgrade dealing with this issue.

Avaya has released an advisory (ASA-2005-136) that acknowledges this vulnerability for Avaya products. Please see the referenced Avaya advisory for further details.

Conectiva has released an advisory (CLSA-2005:955) and fixes to address this and other issues. Please see the referenced advisory for further information regarding obtaining and applying appropriate updates.

Turbolinux has released advisory TLSA-2005-50 along with fixes dealing with this and other issues. Please see the referenced advisory for more information.

Peachtree Linux has released an advisory (PLSN-0001) including updated packages to address this issue. Please see the referenced advisory for more information.

Slackware has released an advisory (SSA:2005-095-01) including updated packages to address this issue. Please see the referenced advisory for more information.

Ubuntu advisory USN-105-1 is available to address this issue. Please see the referenced advisory for more information.

SuSE has released advisory SUSE-SA:2005:023 to address this, and other issues. Please see the referenced advisory for further information.

Gentoo Linux has released advisory GLSA 200504-15 dealing with this issue. Gentoo advises that all users upgrade their packages by executing the following commands with superuser privileges:

emerge --sync
emerge --ask --oneshot --verbose ">=dev-php/php-4.3.11"

All mod_php users should upgrade to the latest version:

emerge --sync
emerge --ask --oneshot --verbose ">=dev-php/mod_php-4.3.11"

All php-cgi users should upgrade to the latest version:

emerge --sync
emerge --ask --oneshot --verbose ">=dev-php/php-cgi-4.3.11"

For more information, please see the referenced Gentoo Linux advisory.

RedHat Fedora has released advisory FEDORA-2005-315 for their Core 3 product. Please see the referenced advisory for more information.

Mandriva has released advisory MDKSA-2005:072 to address these issues. Please see the attached advisory for details on obtaining and applying fixes.

Red Hat released advisory RHSA-2005:405-06 as well as fixes to address this and other issues on Red Hat Linux Enterprise platforms. Customers who are affected by this issue are advised to apply the appropriate updates. Customers subscribed to the Red Hat Network may apply the appropriate fixes using the Red Hat Update Agent (up2date). Please see referenced advisories for additional information.

SGI has released an advisory 20050501-01-U including updated SGI ProPack 3 Service Pack 5 packages to address this BID and other issues. Please see the referenced advisory for more information.

Apple has released security advisory APPLE-SA-2005-06-08 along with fixes dealing with this issue for Mac OS X 10.4.1 and Mac OS X 10.3.9. Please see the referenced advisory for more information.

RedHat Fedora has released Fedora Legacy security advisory FLSA:155505 addressing this issue. Please see the referenced advisory for further information.

