[Full-disclosure] [USN-112-1] PHP4 vulnerabilities

From: Martin Pitt (martin.pitt_at_canonical.com)
Date: 04/14/05

  • Next message: Dave Korn: "[Full-disclosure] Re: Microsoft April Security Bulletin Webcast BS"
    Date: Thu, 14 Apr 2005 11:33:56 +0200
    To: ubuntu-security-announce@lists.ubuntu.com
    
    
    
    

    ===========================================================
    Ubuntu Security Notice USN-112-1 April 14, 2005
    php4 vulnerabilities
    CAN-2005-1042, CAN-2005-1043
    ===========================================================

    A security issue affects the following Ubuntu releases:

    Ubuntu 4.10 (Warty Warthog)

    The following packages are affected:

    libapache2-mod-php4
    php4-cgi

    The problem can be corrected by upgrading the affected package to
    version 4:4.3.8-3ubuntu7.8. After performing a standard system upgrade
    you need to reload the PHP module in the webserver by executing

      sudo /etc/init.d/apache2 reload

    to effect the necessary changes.

    Details follow:

    An integer overflow was discovered in the exif_process_IFD_TAG()
    function in PHP4's EXIF module. EXIF tags with a specially crafted
    "Image File Directory" (IFD) tag caused a buffer overflow which could
    have been exploited to execute arbitrary code with the privileges of
    the PHP4 server. (CAN-2005-1042)

    The same module also contained a Denial of Service vulnerability. EXIF
    headers with a large IFD nesting level caused an unbound recursion
    which would eventually overflow the stack and cause the executed
    program to crash. (CAN-2005-1043)

    In web applications that automatically process EXIF tags of uploaded
    images, both vulnerabilities could be exploited remotely.

      Source archives:

        http://security.ubuntu.com/ubuntu/pool/main/p/php4/php4_4.3.8-3ubuntu7.8.diff.gz
          Size/MD5: 615279 bccbf61fbd657d604778ef0807602269
        http://security.ubuntu.com/ubuntu/pool/main/p/php4/php4_4.3.8-3ubuntu7.8.dsc
          Size/MD5: 1624 50fb00c9c97235f29bd5e0b5be38719f
        http://security.ubuntu.com/ubuntu/pool/main/p/php4/php4_4.3.8.orig.tar.gz
          Size/MD5: 4832570 dd69f8c89281f088eadf4ade3dbd39ee

      Architecture independent packages:

        http://security.ubuntu.com/ubuntu/pool/main/p/php4/php4-dev_4.3.8-3ubuntu7.8_all.deb
          Size/MD5: 332212 c7b9169952458bc1c9c6bb38894e44dd
        http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-pear_4.3.8-3ubuntu7.8_all.deb
          Size/MD5: 333344 8df62c694a6f3161c9856ce3ddc72880

      amd64 architecture (Athlon64, Opteron, EM64T Xeon)

        http://security.ubuntu.com/ubuntu/pool/main/p/php4/libapache2-mod-php4_4.3.8-3ubuntu7.8_amd64.deb
          Size/MD5: 1689076 ea68676e40465cfaf63e9c040097cf5e
        http://security.ubuntu.com/ubuntu/pool/main/p/php4/php4-cgi_4.3.8-3ubuntu7.8_amd64.deb
          Size/MD5: 3198192 73d27ba5818baffd5364bf600bde839d
        http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-curl_4.3.8-3ubuntu7.8_amd64.deb
          Size/MD5: 17268 af6a393057cbc02db58bf8161971c920
        http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-domxml_4.3.8-3ubuntu7.8_amd64.deb
          Size/MD5: 40424 68c1a0c15a6cf8a73e34312ab4490fda
        http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-gd_4.3.8-3ubuntu7.8_amd64.deb
          Size/MD5: 33490 04e4f118c9c254f124647d3f79331b40
        http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-ldap_4.3.8-3ubuntu7.8_amd64.deb
          Size/MD5: 21228 7b3a3ec6ee219d8a20b5ae4908356223
        http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-mcal_4.3.8-3ubuntu7.8_amd64.deb
          Size/MD5: 18402 3ccc063e13e057bb046134106f7a4af0
        http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-mhash_4.3.8-3ubuntu7.8_amd64.deb
          Size/MD5: 7984 3a6f3b7fa3c05de874ff133efed8a005
        http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-mysql_4.3.8-3ubuntu7.8_amd64.deb
          Size/MD5: 23106 c5eb05dc58ec37535f4abbcca2fd376b
        http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-odbc_4.3.8-3ubuntu7.8_amd64.deb
          Size/MD5: 28318 ba50aa51d1878db08656192e4942a672
        http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-recode_4.3.8-3ubuntu7.8_amd64.deb
          Size/MD5: 7612 492f40b7948f52691ba10aefda76509c
        http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-snmp_4.3.8-3ubuntu7.8_amd64.deb
          Size/MD5: 12966 e4c676a19934de18daea3c7c5558c6bb
        http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-sybase_4.3.8-3ubuntu7.8_amd64.deb
          Size/MD5: 21504 5634e0379238d42bbd446c768f19d865
        http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-xslt_4.3.8-3ubuntu7.8_amd64.deb
          Size/MD5: 17244 b3ade86c59d1bf070936cc8d3e0798ec
        http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4_4.3.8-3ubuntu7.8_amd64.deb
          Size/MD5: 1704972 48b6f63a1bd9e74a32d1765f83a7a766

      i386 architecture (x86 compatible Intel/AMD)

        http://security.ubuntu.com/ubuntu/pool/main/p/php4/libapache2-mod-php4_4.3.8-3ubuntu7.8_i386.deb
          Size/MD5: 1630966 33f6c6e64aeee06c9f4ce5529bfb5270
        http://security.ubuntu.com/ubuntu/pool/main/p/php4/php4-cgi_4.3.8-3ubuntu7.8_i386.deb
          Size/MD5: 3044286 a0d8f50a76ba83181ff3120086615610
        http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-curl_4.3.8-3ubuntu7.8_i386.deb
          Size/MD5: 16846 452346f69df9d3610c1e49be50c20bda
        http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-domxml_4.3.8-3ubuntu7.8_i386.deb
          Size/MD5: 35546 33628c2ce0a6c4dce3ffd9191004a7c0
        http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-gd_4.3.8-3ubuntu7.8_i386.deb
          Size/MD5: 31064 d04e46c79926bfe840141ae8de168e71
        http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-ldap_4.3.8-3ubuntu7.8_i386.deb
          Size/MD5: 19464 3b1e7da084cc652c54ed7ee809262bc5
        http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-mcal_4.3.8-3ubuntu7.8_i386.deb
          Size/MD5: 17038 320f44d0b84c2d1907f85f16464b05f7
        http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-mhash_4.3.8-3ubuntu7.8_i386.deb
          Size/MD5: 7742 a82e71021460f23a3c27258a60dec76d
        http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-mysql_4.3.8-3ubuntu7.8_i386.deb
          Size/MD5: 20898 0bdc2c8eb237dcbd9fcdb65348f583d2
        http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-odbc_4.3.8-3ubuntu7.8_i386.deb
          Size/MD5: 26058 0fb042c54fcdf259142a599f287597e0
        http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-recode_4.3.8-3ubuntu7.8_i386.deb
          Size/MD5: 7374 60bff288d952728c56839059830a46d0
        http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-snmp_4.3.8-3ubuntu7.8_i386.deb
          Size/MD5: 12318 1873822251912089841c8b9ad5087fa2
        http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-sybase_4.3.8-3ubuntu7.8_i386.deb
          Size/MD5: 20002 5073920959f7e45ba0440cc40d5d2a0b
        http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-xslt_4.3.8-3ubuntu7.8_i386.deb
          Size/MD5: 15878 c5bb3e00817367294f83e239e16876ec
        http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4_4.3.8-3ubuntu7.8_i386.deb
          Size/MD5: 1645576 f0f01be88bdc787ab135d1a865f4f308

      powerpc architecture (Apple Macintosh G3/G4/G5)

        http://security.ubuntu.com/ubuntu/pool/main/p/php4/libapache2-mod-php4_4.3.8-3ubuntu7.8_powerpc.deb
          Size/MD5: 1690872 071804bfe714bbfa054aade588d40023
        http://security.ubuntu.com/ubuntu/pool/main/p/php4/php4-cgi_4.3.8-3ubuntu7.8_powerpc.deb
          Size/MD5: 3203670 3fa86de2cf426a6eaa6e99a5c7bdd4b7
        http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-curl_4.3.8-3ubuntu7.8_powerpc.deb
          Size/MD5: 19086 7acaf730006b0a0ebc103057c28b74e2
        http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-domxml_4.3.8-3ubuntu7.8_powerpc.deb
          Size/MD5: 38282 010967a7de5cd770e9748937376f0560
        http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-gd_4.3.8-3ubuntu7.8_powerpc.deb
          Size/MD5: 34008 ad454fc9b99f41b76c76b58b54a7f32f
        http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-ldap_4.3.8-3ubuntu7.8_powerpc.deb
          Size/MD5: 21478 7a57f51114a5990b40aa326b6224afaa
        http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-mcal_4.3.8-3ubuntu7.8_powerpc.deb
          Size/MD5: 19312 e4d275a2e44183a608e3a120ec23175a
        http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-mhash_4.3.8-3ubuntu7.8_powerpc.deb
          Size/MD5: 9320 3566967bd9d610d91106222756584dcc
        http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-mysql_4.3.8-3ubuntu7.8_powerpc.deb
          Size/MD5: 22690 c1a2e74f03baba2cedc8dec36329e794
        http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-odbc_4.3.8-3ubuntu7.8_powerpc.deb
          Size/MD5: 28408 090402935f36668bcd42b459935b1fa3
        http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-recode_4.3.8-3ubuntu7.8_powerpc.deb
          Size/MD5: 9006 87db57559484b64fd0e4d68909859710
        http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-snmp_4.3.8-3ubuntu7.8_powerpc.deb
          Size/MD5: 14322 fa6f48dc42e8734e260c83a8efbd2703
        http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-sybase_4.3.8-3ubuntu7.8_powerpc.deb
          Size/MD5: 22192 e4d2b2a283cfd4a8d1ac92d6e2327b0e
        http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-xslt_4.3.8-3ubuntu7.8_powerpc.deb
          Size/MD5: 18058 18411dc4784022996fcc5e7387b32ac7
        http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4_4.3.8-3ubuntu7.8_powerpc.deb
          Size/MD5: 1708846 82dee976e21613a81b3e5935a1e2f590

    
    

    
    

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.grok.org.uk/full-disclosure-charter.html
    Hosted and sponsored by Secunia - http://secunia.com/



  • Next message: Dave Korn: "[Full-disclosure] Re: Microsoft April Security Bulletin Webcast BS"

    Relevant Pages