CVE-2005-1043
CVSS 5.0
Published: 2005-04-14 00:00:00
Last revised: 2010-08-21 00:27:31

[Original] exif.c in PHP before 4.3.11 allows remote attackers to cause a denial of service (memory consumption and crash) via an EXIF header with a large IFD nesting level, which causes significant stack recursion.


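[CNNVD] PHP4 EXIF module IFD nesting denial-of-service vulnerability (CNNVD-200504-048)

        PHP is a server-side scripting language designed to be embedded in HTML files; it runs on Windows, Linux and many Unix operating systems.
        A denial-of-service vulnerability exists in the PHP4 EXIF module. An EXIF header with an excessively large IFD nesting level can cause unbounded recursion, eventually crashing the executing program.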

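- CVSS (base score)

CVSS score: 5 [MEDIUM]
Confidentiality impact: NONE [no impact on the confidentiality of the system]
Integrity impact: NONE [no impact on the integrity of the system]
Availability impact: PARTIAL [may cause reduced performance or interruptions in resource availability]
Attack complexity: LOW [no access restrictions on exploiting the vulnerability]
Attack vector: [--]
Authentication: NONE [exploitation requires no authentication]

- CPE (affected platforms and products)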

cpe:/o:suse:suse_linux:7.1::spa
cpe:/o:apple:mac_os_x:10.3.9  Apple Mac OS X 10.3.9
cpe:/o:peachtree:peachtree_linux:release_1
cpe:/o:suse:suse_linux:4.3  SuSE SuSE Linux 4.3
cpe:/a:sgi:propack:3.0  SGI ProPack 3.0
cpe:/o:suse:suse_linux:6.4::i386
cpe:/a:php:php:4.3.1  PHP PHP 4.3.1
cpe:/a:php:php:4.3.10  PHP PHP 4.3.10
cpe:/o:suse:suse_linux:6.4  SuSE SuSE Linux 6.4
cpe:/o:suse:suse_linux:7.0::sparc
cpe:/a:php:php:4.3.7  PHP PHP 4.3.7
cpe:/o:suse:suse_linux:1.0  SuSE SuSE Linux 1.0
cpe:/o:suse:suse_linux:6.3::ppc
cpe:/o:suse:suse_linux:4.4  SuSE SuSE Linux 4.4
cpe:/o:suse:suse_linux:6.4::ppc
cpe:/o:suse:suse_linux:5.3  SuSE SuSE Linux 5.3
cpe:/o:suse:suse_linux:4.2  SuSE SuSE Linux 4.2
cpe:/o:apple:mac_os_x:10.4  Apple Mac OS X 10.4
cpe:/o:suse:suse_linux:7.1::sparc
cpe:/o:apple:mac_os_x_server:10.4  Apple Mac OS X Server 10.4
cpe:/o:suse:suse_linux:3.0
cpe:/a:php:php:4.3.6  PHP PHP 4.3.6
cpe:/o:conectiva:linux:9.0  Conectiva Linux 9.0
cpe:/a:php:php:4.3
cpe:/o:suse:suse_linux:9.2::x86_64
cpe:/o:suse:suse_linux:8.0::i386
cpe:/a:php:php:4.3.4  PHP PHP 4.3.4
cpe:/o:suse:suse_linux:4.4.1  SuSE SuSE Linux 4.4.1
cpe:/o:suse:suse_linux:9.0  SuSE SuSE Linux 9.0
cpe:/o:suse:suse_linux:7.0  SuSE SuSE Linux 7.0
cpe:/o:suse:suse_linux:8.2  SuSE SuSE Linux 8.2
cpe:/o:suse:suse_linux:7.3::ppc
cpe:/o:suse:suse_linux:6.0  SuSE SuSE Linux 6.0
cpe:/o:suse:suse_linux:5.1  SuSE SuSE Linux 5.1
cpe:/o:suse:suse_linux:7.0::i386
cpe:/a:php:php:4.3.2  PHP PHP 4.3.2
cpe:/a:php:php:4.3.3  PHP PHP 4.3.3
cpe:/o:suse:suse_linux:7.3  SuSE SuSE Linux 7.3
cpe:/o:suse:suse_linux:6.3  SuSE SuSE Linux 6.3
cpe:/o:suse:suse_linux:8.1  SuSE SuSE Linux 8.1
cpe:/o:suse:suse_linux:7.1  SuSE SuSE Linux 7.1
cpe:/o:suse:suse_linux:6.4:alpha  SuSE SuSE Linux 6.4 alpha
cpe:/o:suse:suse_linux:9.2  SuSE SuSE Linux 9.2
cpe:/o:apple:mac_os_x:10.4.1  Apple Mac OS X 10.4.1
cpe:/o:suse:suse_linux:7.0::ppc
cpe:/o:suse:suse_linux:2.0
cpe:/o:suse:suse_linux:7.3::i386
cpe:/o:apple:mac_os_x_server:10.4.1  Apple Mac OS X Server 10.4.1
cpe:/o:suse:suse_linux:7.0:alpha  SuSE SuSE Linux 7.0 alpha
cpe:/o:suse:suse_linux:6.1:alpha  SuSE SuSE Linux 6.1 alpha
cpe:/o:suse:suse_linux:9.1  SuSE SuSE Linux 9.1
cpe:/o:suse:suse_linux:7.2::i386
cpe:/o:conectiva:linux:10.0  Conectiva Linux 10.0
cpe:/o:suse:suse_linux:9.1::x86_64
cpe:/o:suse:suse_linux:4.0
cpe:/o:suse:suse_linux:5.0  SuSE SuSE Linux 5.0
cpe:/o:suse:suse_linux:7.2  SuSE SuSE Linux 7.2
cpe:/o:suse:suse_linux:7.1::x86
cpe:/o:suse:suse_linux:9.0::x86_64
cpe:/o:suse:suse_linux:8.0  SuSE SuSE Linux 8.0
cpe:/o:suse:suse_linux:9.3  SuSE SuSE Linux 9.3
cpe:/o:suse:suse_linux:6.1  SuSE SuSE Linux 6.1
cpe:/o:suse:suse_linux:7.3::sparc
cpe:/o:suse:suse_linux:6.2  SuSE SuSE Linux 6.2
cpe:/a:php:php:4.3.8  PHP PHP 4.3.8
cpe:/o:suse:suse_linux:7.1:alpha  SuSE SuSE Linux 7.1 alpha
cpe:/a:php:php:4.3.9  PHP PHP 4.3.9
cpe:/o:suse:suse_linux:6.3:alpha  SuSE SuSE Linux 6.3 alpha
cpe:/a:php:php:4.3.5  PHP PHP 4.3.5
cpe:/o:apple:mac_os_x_server:10.3.9  Apple Mac OS X Server 10.3.9
cpe:/o:suse:suse_linux:5.2  SuSE SuSE Linux 5.2

- OVAL (technical details for detection)

oval:org.mitre.oval:def:10307  exif.c in PHP before 4.3.11 allows remote attackers to cause a denial of service (memory consumption and crash) via an EXIF header with a la...
* OVAL describes in detail how to detect this vulnerability; further technical details for detecting it can be found in the related OVAL definition.

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1043
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-1043
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200504-048
(Official data source) CNNVD

- Other links and resources

http://www.ubuntulinux.org/support/documentation/usn/usn-112-1
(VENDOR_ADVISORY)  UBUNTU  USN-112-1
http://www.redhat.com/support/errata/RHSA-2005-406.html
(VENDOR_ADVISORY)  REDHAT  RHSA-2005:406
http://www.gentoo.org/security/en/glsa/glsa-200504-15.xml
(VENDOR_ADVISORY)  GENTOO  GLSA-200504-15
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=154025
(VENDOR_ADVISORY)  CONFIRM  https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=154025
http://lists.apple.com/archives/security-announce/2005/Jun/msg00000.html
(UNKNOWN)  APPLE  APPLE-SA-2005-06-08
http://cvs.php.net/diff.php/php-src/ext/exif/exif.c?r1=1.118.2.29&r2=1.118.2.30&ty=u
(VENDOR_ADVISORY)  CONFIRM  http://cvs.php.net/diff.php/php-src/ext/exif/exif.c?r1=1.118.2.29&r2=1.118.2.30&ty=u
http://www.mandriva.com/security/advisories?name=MDKSA-2005:072
(UNKNOWN)  MANDRAKE  MDKSA-2005:072

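- Vulnerability information

PHP4 EXIF module IFD nesting denial-of-service vulnerability
Medium risk  Other
2005-04-14 00:00:00 2005-10-20 00:00:00
Remote
        PHP is a server-side scripting language designed to be embedded in HTML files; it runs on Windows, Linux and many Unix operating systems.
        A denial-of-service vulnerability exists in the PHP4 EXIF module. An EXIF header with an excessively large IFD nesting level can cause unbounded recursion, eventually crashing the executing program.

- Advisories and patches

        The vendor has released an upgrade patch that fixes this security issue; download it from the vendor's home page:
        http://www.php.net/downloads.php

- Vulnerability information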

15630
PHP EXIF Header Large IFD Nesting Level DoS
Denial of Service
Loss of Availability
Vendor Verified

- Vulnerability description

PHP contains a flaw that may allow a remote attacker to cause a denial of service. The issue is due to functions in exif.c not properly sanitizing user-supplied input. By passing a crafted EXIF header with a large IFD nesting level, an attacker can cause stack recursion leading to memory consumption and eventually the application crashing.

- Timeline

2005-04-06 Unknown
Unknown Unknown

- Solution

Unknown or Incomplete

- Related references

- Vulnerability author

Unknown or Incomplete

- Vulnerability information

PHP Group Exif Module IFD Nesting Denial Of Service Vulnerability
Failure to Handle Exceptional Conditions 13164
Yes No
2005-04-12 12:00:00 2009-07-12 12:56:00
This issue was announced by the PHP Group.

- Affected program versions

SGI ProPack 3.0
S.u.S.E. Linux Personal 9.3
S.u.S.E. Linux Personal 9.2 x86_64
S.u.S.E. Linux Personal 9.2
S.u.S.E. Linux Personal 9.1 x86_64
S.u.S.E. Linux Personal 9.1
S.u.S.E. Linux Personal 9.0 x86_64
S.u.S.E. Linux Personal 9.0
S.u.S.E. Linux Personal 8.2
S.u.S.E. Linux 8.1
S.u.S.E. Linux 8.0 i386
S.u.S.E. Linux 8.0
S.u.S.E. Linux 7.3 sparc
S.u.S.E. Linux 7.3 ppc
S.u.S.E. Linux 7.3 i386
S.u.S.E. Linux 7.3
S.u.S.E. Linux 7.2 i386
S.u.S.E. Linux 7.2
S.u.S.E. Linux 7.1 x86
S.u.S.E. Linux 7.1 sparc
S.u.S.E. Linux 7.1 ppc
S.u.S.E. Linux 7.1 alpha
S.u.S.E. Linux 7.1
S.u.S.E. Linux 7.0 sparc
S.u.S.E. Linux 7.0 ppc
S.u.S.E. Linux 7.0 i386
S.u.S.E. Linux 7.0 alpha
S.u.S.E. Linux 7.0
S.u.S.E. Linux 6.4 ppc
S.u.S.E. Linux 6.4 i386
S.u.S.E. Linux 6.4 alpha
S.u.S.E. Linux 6.4
S.u.S.E. Linux 6.3 ppc
S.u.S.E. Linux 6.3 alpha
S.u.S.E. Linux 6.3
S.u.S.E. Linux 6.2
S.u.S.E. Linux 6.1 alpha
S.u.S.E. Linux 6.1
S.u.S.E. Linux 6.0
S.u.S.E. Linux 5.3
S.u.S.E. Linux 5.2
S.u.S.E. Linux 5.1
S.u.S.E. Linux 5.0
S.u.S.E. Linux 4.4.1
S.u.S.E. Linux 4.4
S.u.S.E. Linux 4.3
S.u.S.E. Linux 4.2
S.u.S.E. Linux 4.0
S.u.S.E. Linux 3.0
S.u.S.E. Linux 2.0
S.u.S.E. Linux 1.0
RedHat Linux 9.0 i386
RedHat Linux 7.3 i686
RedHat Linux 7.3 i386
RedHat Linux 7.3
Red Hat Fedora Core2
Red Hat Fedora Core1
PHP PHP 4.3.10
+ Gentoo Linux
+ Red Hat Fedora Core3
+ Trustix Secure Enterprise Linux 2.0
+ Trustix Secure Linux 2.2
+ Trustix Secure Linux 2.1
+ Trustix Secure Linux 2.0
+ Trustix Secure Linux 1.5
PHP PHP 4.3.9
PHP PHP 4.3.8
+ Mandriva Linux Mandrake 10.1 x86_64
+ Mandriva Linux Mandrake 10.1
+ S.u.S.E. Linux Personal 9.2
+ Turbolinux Turbolinux Server 10.0
+ Ubuntu Ubuntu Linux 4.1 ppc
+ Ubuntu Ubuntu Linux 4.1 ia64
+ Ubuntu Ubuntu Linux 4.1 ia32
PHP PHP 4.3.7
PHP PHP 4.3.6
PHP PHP 4.3.5
PHP PHP 4.3.4
+ MandrakeSoft Corporate Server 3.0 x86_64
+ MandrakeSoft Corporate Server 3.0
+ Mandriva Linux Mandrake 10.0 AMD64
+ Mandriva Linux Mandrake 10.0
+ S.u.S.E. Linux Personal 9.1
PHP PHP 4.3.3
+ S.u.S.E. Linux Personal 9.0 x86_64
+ S.u.S.E. Linux Personal 9.0
+ Turbolinux Home
+ Turbolinux Turbolinux 10 F...
+ Turbolinux Turbolinux Desktop 10.0
PHP PHP 4.3.2
PHP PHP 4.3.1
+ Mandriva Linux Mandrake 9.1 ppc
+ Mandriva Linux Mandrake 9.1
+ OpenPKG OpenPKG Current
+ S.u.S.E. Linux Personal 8.2
PHP PHP 4.3
Peachtree Linux release 1
Conectiva Linux 10.0
Conectiva Linux 9.0
Avaya S8710 R2.0.1
Avaya S8710 R2.0.0
Avaya S8700 R2.0.1
Avaya S8700 R2.0.0
Avaya S8500 R2.0.1
Avaya S8500 R2.0.0
Avaya S8300 R2.0.1
Avaya S8300 R2.0.0
Avaya Modular Messaging (MSS) 2.0
Avaya Modular Messaging (MSS) 1.1
Avaya MN100
Avaya Intuity LX
Avaya Converged Communications Server 2.0
Apple Mac OS X Server 10.4.1
Apple Mac OS X Server 10.4
Apple Mac OS X Server 10.3.9
Apple Mac OS X 10.4.1
Apple Mac OS X 10.4
Apple Mac OS X 10.3.9
PHP PHP 4.3.11

- Unaffected program versions

PHP PHP 4.3.11

- Vulnerability discussion

PHP is prone to a denial of service vulnerability. This issue occurs when deeply nested EXIF IFD (Image File Directory) data is processed.

This issue could manifest itself in Web applications that allow users to upload images.

This vulnerability may be one of the issues described in BID 13143 "PHP Group PHP Multiple Unspecified Vulnerabilities".

- Exploit

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com.

- Solution

Avaya has released an advisory (ASA-2005-136) that acknowledges this vulnerability for Avaya products. Please see the referenced Avaya advisory for further details.

Conectiva has released an advisory (CLSA-2005:955) and fixes to address these and other issues. Please see the referenced advisory for further information regarding obtaining and applying appropriate updates.

Turbolinux has released advisory TLSA-2005-50 along with fixes dealing with this and other issues. Please see the referenced advisory for more information.

Peachtree Linux has released an advisory (PLSN-0001) including updated packages to address this issue. Please see the referenced advisory for more information.

Ubuntu has released advisory USN-112-1 to provide fixes for this issue. Please see the attached advisory for further information on obtaining and applying fixes.

This issue has been addressed in PHP 4.3.11.

Gentoo Linux has released advisory GLSA 200504-15 dealing with this issue. Gentoo advises that all users upgrade their packages by executing the following commands with superuser privileges:

emerge --sync
emerge --ask --oneshot --verbose ">=dev-php/php-4.3.11"

All mod_php users should upgrade to the latest version:

emerge --sync
emerge --ask --oneshot --verbose ">=dev-php/mod_php-4.3.11"

All php-cgi users should upgrade to the latest version:

emerge --sync
emerge --ask --oneshot --verbose ">=dev-php/php-cgi-4.3.11"

For more information, please see the referenced Gentoo Linux advisory.

RedHat Fedora has released advisory FEDORA-2005-315 for their Core 3 product. Please see the referenced advisory for more information.

Mandriva has released advisory MDKSA-2005:072 to address these issues. Please see the attached advisory for details on obtaining and applying fixes.

Red Hat released advisory RHSA-2005:405-06 as well as fixes to address this and other issues on Red Hat Linux Enterprise platforms. Customers who are affected by this issue are advised to apply the appropriate updates. Customers subscribed to the Red Hat Network may apply the appropriate fixes using the Red Hat Update Agent (up2date). Please see referenced advisories for additional information.

SuSE has released advisory SUSE-SR:2005:012 and fixes for this issue. Fixes can be obtained through the SuSE FTP server or by using the YaST Online Update.

SGI has released an advisory 20050501-01-U including updated SGI ProPack 3 Service Pack 5 packages to address this BID and other issues. Please see the referenced advisory for more information.

Apple has released security advisory APPLE-SA-2005-06-08 along with fixes dealing with this issue for Mac OS X 10.4.1 and Mac OS X 10.3.9. Please see the referenced advisory for more information.

RedHat Fedora has released Fedora Legacy security advisory FLSA:155505 addressing this issue. Please see the referenced advisory for further information.



- Related references
