
PHP 4.x/5.x Denial of Service and Security Bypass Vulnerabilities

ino | 2005.04.03 13:23 | Views 1335
* Technical Description *

Multiple vulnerabilities were identified in PHP, which may be exploited by attackers to conduct denial of service or bypass certain security restrictions.

- The first problem resides in the "swf_openfile()" function and could be exploited to bypass safe mode restrictions. In conjunction with application vulnerabilities, this could potentially allow overwriting arbitrary files.

- The second vulnerability resides in the "php_handle_iff()" and "php_handle_jpeg()" functions (ext/standard/image.c), which are reachable from the PHP function getimagesize() and may be exploited by remote attackers to consume 100% CPU resources on a vulnerable system.

* Affected Products *

PHP version 4.2.2 and prior
PHP version 4.3.10 and prior
PHP version 5.0.3 and prior

* Solution *

Upgrade to PHP version 4.3.11 or version 5.0.4:
http://www.php.net/downloads.php

* References *

http://www.php.net/release_4_3_11.php
http://www.php.net/ChangeLog-5.php
http://www.idefense.com/application/poi/display?id=222&type=vulnerabilities