|Category:||Ubuntu Local Security Checks|
|Title:||Ubuntu 4.10 USN-112-1 (php4)|
|Summary:||Ubuntu 4.10 USN-112-1 (php4)|
The remote host is missing an update to php4
announced via advisory USN-112-1.
An integer overflow was discovered in the exif_process_IFD_TAG()
function in PHP4's EXIF module. EXIF tags with a specially crafted
Image File Directory (IFD) tag caused a buffer overflow which could
have been exploited to execute arbitrary code with the privileges of
the PHP4 server. (CVE-2005-1042)
The same module also contained a Denial of Service vulnerability. EXIF
headers with a large IFD nesting level caused an unbound recursion
which would eventually overflow the stack and cause the executed
program to crash. (CVE-2005-1043)
In web applications that automatically process EXIF tags of uploaded
images, both vulnerabilities could be exploited remotely.
The following packages are affected:
The problem can be corrected by upgrading the affected package to
version 4:4.3.8-3ubuntu7.8. After performing a standard system upgrade
you need to reload the PHP module in the webserver by executing
sudo /etc/init.d/apache2 reload
to effect the necessary changes.
Risk factor : High
Common Vulnerability Exposure (CVE) ID: CVE-2005-1042|
Common Vulnerability Exposure (CVE) ID: CVE-2005-1043
|Copyright||Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com|
|This is only one of 39644 vulnerability tests in our test suite. Find out more about running a complete security audit.|
To run a free test of this vulnerability against your system, register below.