PHP Remote getimagesize DoS

high Nessus Network Monitor Plugin ID 2782

Synopsis

The remote host is missing a critical security patch or upgrade.

Description

The remote host is running a version of PHP that is older than 4.3.11 or 5.0.4. This version contains a bug that can be triggered when the getimagesize() function processes malicious IFF or JPEG image files. An attacker exploiting this flaw would be able to present an image to the function that would cause the function to go into an infinite loop by processing a negative file size. A successful exploit would result in the loss of system availability for valid users. There is also a reported flaw in the way that PHP handles data being passed to the Image File Directory (IFD). Reportedly, this leads to a remote Denial of Service (DoS) attack. Other flaws impacting this version of PHP have been reported; however, details have not been released.

Solution

Upgrade to PHP 4.3.11, 5.0.4 or higher.
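A first-pass triage of collected HTTP response headers against the fixed releases named above, added here as an example (it is not the plugin's own detection logic). The header strings are constructed samples; treating pre-4.x versions and pre-release builds of a fixed version as affected is an assumption of this sketch.

```python
import re

# Fixed releases from the Solution section, keyed by major version.
FIXED = {4: (4, 3, 11), 5: (5, 0, 4)}

# Matches the "PHP/x.y.z" token seen in Server / X-Powered-By headers,
# plus any suffix glued to it (e.g. "RC1", "-dev", "-1ubuntu2").
BANNER = re.compile(r"PHP/(\d+)\.(\d+)\.(\d+)([\w.+~-]*)")
PRERELEASE = re.compile(r"(?i)^-?(rc|dev|alpha|beta)")


def classify(header_value):
    """Return 'affected', 'not_affected' or 'unknown' for one header value."""
    m = BANNER.search(header_value)
    if not m:
        return "unknown"  # no PHP version token exposed (e.g. expose_php = Off)
    version = tuple(int(x) for x in m.group(1, 2, 3))
    suffix = m.group(4)
    if version[0] > 5:
        return "not_affected"
    # Assumption: anything before the 4.x series is older than 4.3.11.
    fixed = FIXED.get(version[0], FIXED[4])
    if version < fixed:
        return "affected"
    # Assumption: an RC/dev build of the fixed version predates the fix release.
    if version == fixed and PRERELEASE.match(suffix):
        return "affected"
    return "not_affected"


def triage(headers_by_host):
    """Map each host to its classification; input is {host: header value}."""
    return {host: classify(value) for host, value in headers_by_host.items()}


# Constructed sample headers, not captured from real hosts.
SAMPLE = {
    "web01": "Apache/1.3.33 (Unix) PHP/4.3.10",
    "web02": "Apache/2.0.53 (Unix) PHP/5.0.4",
    "web03": "PHP/5.0.4RC1",
    "web04": "Apache/2.0.53 (Unix)",
}

if __name__ == "__main__":
    for host, verdict in triage(SAMPLE).items():
        print(f"{host}: {verdict}")
```

A banner only reports the upstream version string: distribution packages may carry a backported fix under an older version number, so confirm "affected" results against the package changelog.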

See Also

http://www.php.net/ChangeLog-5.php#5.0.4

http://www.php.net/ChangeLog-4.php#4.3.11

https://bugs.php.net/bug.php?id=28451

Plugin Details

Severity: High

ID: 2782

Family: Web Servers

Published: 4/1/2005

Updated: 3/6/2019

Dependencies: 8728, 8682

Nessus ID: 18033

Risk Information

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:H/RL:OF/RC:C

CVSS v3

Risk Factor: High

Base Score: 7.3

Temporal Score: 7

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Temporal Vector: CVSS:3.0/E:H/RL:O/RC:C

Vulnerability Information

CPE: cpe:2.3:a:php:php:*:*:*:*:*:*:*:*

Patch Publication Date: 3/25/2005

Vulnerability Publication Date: 3/31/2005

Reference Information

CVE: CVE-2005-0524, CVE-2005-0525, CVE-2005-1043

BID: 12963, 12962, 13143, 13163, 13164