Details of VAR-200504-0063

ID

VAR-200504-0063

CVE

CVE-2005-1043

TITLE

PHP of exif.c Specific in EXIF Service disruption due to header (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2005-000256

DESCRIPTION

exif.c in PHP before 4.3.11 allows remote attackers to cause a denial of service (memory consumption and crash) via an EXIF header with a large IFD nesting level, which causes significant stack recursion. ------------ This vulnerability information is a summary of multiple vulnerabilities released at the same time. Please note that the contents of vulnerability information other than the title are included. ------------ PHP 4 Later, at compile time --enable-exif By compiling with EXIF ( Image file standards for digital cameras ) Enable support for. This generated by the digital camera JPEG/TIFF In the image EXIF Included in header IFD (Image File Directory) tag ( Information such as image size and type, compression method, color information, copyright ) You can get PHP 4.3.10 Before, 5.0.3 Included before EXIF module (exif.c) Contained within a specific image file IFD The following security issues exist due to inadequate handling of tags. still, PHP Group More distributed PHP By default, EXIF Support will not be activated, Red Hat Enterprise Linux Some as Linux Included with the distribution PHP In the package EXIF Support is enabled. PHP 4.3.11/5.0.4 In addition to the above issues, there are multiple security issues (CAN-2005-0524 And CAN-2005-0525 Such ) , And bugs have been fixed, PHP 4.3.11/5.0.4 Can be updated to PHP Group It is strongly recommended.Please refer to the “Overview” for the impact of this vulnerability. PHP is prone to a denial of service vulnerability. This issue could manifest itself in Web applications that allow users to upload images. PHP is a server-side scripting language designed to be embedded in HTML files and can run on Windows, Linux and many Unix operating systems

Trust: 1.98

sources: NVD: CVE-2005-1043 // JVNDB: JVNDB-2005-000256 // BID: 13164 // VULHUB: VHN-12252

AFFECTED PRODUCTS

vendor:	suse	model:	linux	scope:	eq	version:	7.3	Trust: 1.9
vendor:	suse	model:	linux	scope:	eq	version:	7.2	Trust: 1.9
vendor:	suse	model:	linux	scope:	eq	version:	7.1	Trust: 1.9
vendor:	suse	model:	linux	scope:	eq	version:	7.0	Trust: 1.9
vendor:	suse	model:	linux	scope:	eq	version:	8.1	Trust: 1.3
vendor:	suse	model:	linux	scope:	eq	version:	8.0	Trust: 1.3
vendor:	suse	model:	linux	scope:	eq	version:	6.4	Trust: 1.3
vendor:	suse	model:	linux	scope:	eq	version:	6.3	Trust: 1.3
vendor:	suse	model:	linux	scope:	eq	version:	6.2	Trust: 1.3
vendor:	suse	model:	linux	scope:	eq	version:	6.1	Trust: 1.3
vendor:	suse	model:	linux	scope:	eq	version:	6.0	Trust: 1.3
vendor:	suse	model:	linux	scope:	eq	version:	5.3	Trust: 1.3
vendor:	suse	model:	linux	scope:	eq	version:	5.2	Trust: 1.3
vendor:	suse	model:	linux	scope:	eq	version:	5.1	Trust: 1.3
vendor:	suse	model:	linux	scope:	eq	version:	5.0	Trust: 1.3
vendor:	suse	model:	linux	scope:	eq	version:	4.4.1	Trust: 1.3
vendor:	suse	model:	linux	scope:	eq	version:	4.4	Trust: 1.3
vendor:	suse	model:	linux	scope:	eq	version:	4.3	Trust: 1.3
vendor:	suse	model:	linux	scope:	eq	version:	4.2	Trust: 1.3
vendor:	suse	model:	linux	scope:	eq	version:	4.0	Trust: 1.3
vendor:	suse	model:	linux	scope:	eq	version:	3.0	Trust: 1.3
vendor:	suse	model:	linux	scope:	eq	version:	2.0	Trust: 1.3
vendor:	suse	model:	linux	scope:	eq	version:	1.0	Trust: 1.3
vendor:	sgi	model:	propack	scope:	eq	version:	3.0	Trust: 1.3
vendor:	php	model:	php	scope:	eq	version:	4.3.10	Trust: 1.3
vendor:	php	model:	php	scope:	eq	version:	4.3.9	Trust: 1.3
vendor:	php	model:	php	scope:	eq	version:	4.3.8	Trust: 1.3
vendor:	php	model:	php	scope:	eq	version:	4.3.7	Trust: 1.3
vendor:	php	model:	php	scope:	eq	version:	4.3.6	Trust: 1.3
vendor:	php	model:	php	scope:	eq	version:	4.3.5	Trust: 1.3
vendor:	php	model:	php	scope:	eq	version:	4.3.4	Trust: 1.3
vendor:	php	model:	php	scope:	eq	version:	4.3.3	Trust: 1.3
vendor:	php	model:	php	scope:	eq	version:	4.3.2	Trust: 1.3
vendor:	php	model:	php	scope:	eq	version:	4.3.1	Trust: 1.3
vendor:	suse	model:	linux	scope:	eq	version:	9.2	Trust: 1.0
vendor:	peachtree	model:	linux	scope:	eq	version:	release_1	Trust: 1.0
vendor:	conectiva	model:	linux	scope:	eq	version:	10.0	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.4	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.4.1	Trust: 1.0
vendor:	suse	model:	linux	scope:	eq	version:	9.1	Trust: 1.0
vendor:	php	model:	php	scope:	eq	version:	4.3.0	Trust: 1.0
vendor:	apple	model:	mac os x server	scope:	eq	version:	10.4	Trust: 1.0
vendor:	apple	model:	mac os x server	scope:	eq	version:	10.4.1	Trust: 1.0
vendor:	suse	model:	linux	scope:	eq	version:	9.3	Trust: 1.0
vendor:	suse	model:	linux	scope:	eq	version:	8.2	Trust: 1.0
vendor:	conectiva	model:	linux	scope:	eq	version:	9.0	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.3.9	Trust: 1.0
vendor:	suse	model:	linux	scope:	eq	version:	9.0	Trust: 1.0
vendor:	apple	model:	mac os x server	scope:	eq	version:	10.3.9	Trust: 1.0
vendor:	the php group	model:	php	scope:	lte	version:	4.3.10	Trust: 0.8
vendor:	the php group	model:	php	scope:	lte	version:	5.0.3	Trust: 0.8
vendor:	turbo linux	model:	turbolinux server	scope:	eq	version:	10	Trust: 0.8
vendor:	turbo linux	model:	turbolinux server	scope:	eq	version:	7	Trust: 0.8
vendor:	turbo linux	model:	turbolinux server	scope:	eq	version:	8	Trust: 0.8
vendor:	red hat	model:	enterprise linux	scope:	eq	version:	3 (as)	Trust: 0.8
vendor:	red hat	model:	enterprise linux	scope:	eq	version:	3 (es)	Trust: 0.8
vendor:	red hat	model:	enterprise linux	scope:	eq	version:	3 (ws)	Trust: 0.8
vendor:	red hat	model:	enterprise linux	scope:	eq	version:	4 (as)	Trust: 0.8
vendor:	red hat	model:	enterprise linux	scope:	eq	version:	4 (es)	Trust: 0.8
vendor:	red hat	model:	enterprise linux	scope:	eq	version:	4 (ws)	Trust: 0.8
vendor:	suse	model:	linux i386	scope:	eq	version:	8.0	Trust: 0.3
vendor:	suse	model:	linux sparc	scope:	eq	version:	7.3	Trust: 0.3
vendor:	suse	model:	linux ppc	scope:	eq	version:	7.3	Trust: 0.3
vendor:	suse	model:	linux i386	scope:	eq	version:	7.3	Trust: 0.3
vendor:	suse	model:	linux i386	scope:	eq	version:	7.2	Trust: 0.3
vendor:	suse	model:	linux	scope:	eq	version:	7.1x86	Trust: 0.3
vendor:	suse	model:	linux sparc	scope:	eq	version:	7.1	Trust: 0.3
vendor:	suse	model:	linux ppc	scope:	eq	version:	7.1	Trust: 0.3
vendor:	suse	model:	linux alpha	scope:	eq	version:	7.1	Trust: 0.3
vendor:	suse	model:	linux sparc	scope:	eq	version:	7.0	Trust: 0.3
vendor:	suse	model:	linux ppc	scope:	eq	version:	7.0	Trust: 0.3
vendor:	suse	model:	linux i386	scope:	eq	version:	7.0	Trust: 0.3
vendor:	suse	model:	linux alpha	scope:	eq	version:	7.0	Trust: 0.3
vendor:	suse	model:	linux ppc	scope:	eq	version:	6.4	Trust: 0.3
vendor:	suse	model:	linux i386	scope:	eq	version:	6.4	Trust: 0.3
vendor:	suse	model:	linux alpha	scope:	eq	version:	6.4	Trust: 0.3
vendor:	suse	model:	linux ppc	scope:	eq	version:	6.3	Trust: 0.3
vendor:	suse	model:	linux alpha	scope:	eq	version:	6.3	Trust: 0.3
vendor:	suse	model:	linux alpha	scope:	eq	version:	6.1	Trust: 0.3
vendor:	s u s e	model:	linux personal	scope:	eq	version:	9.3	Trust: 0.3
vendor:	s u s e	model:	linux personal x86 64	scope:	eq	version:	9.2	Trust: 0.3
vendor:	s u s e	model:	linux personal	scope:	eq	version:	9.2	Trust: 0.3
vendor:	s u s e	model:	linux personal x86 64	scope:	eq	version:	9.1	Trust: 0.3
vendor:	s u s e	model:	linux personal	scope:	eq	version:	9.1	Trust: 0.3
vendor:	s u s e	model:	linux personal x86 64	scope:	eq	version:	9.0	Trust: 0.3
vendor:	s u s e	model:	linux personal	scope:	eq	version:	9.0	Trust: 0.3
vendor:	s u s e	model:	linux personal	scope:	eq	version:	8.2	Trust: 0.3
vendor:	redhat	model:	linux i386	scope:	eq	version:	9.0	Trust: 0.3
vendor:	redhat	model:	linux i686	scope:	eq	version:	7.3	Trust: 0.3
vendor:	redhat	model:	linux i386	scope:	eq	version:	7.3	Trust: 0.3
vendor:	redhat	model:	linux	scope:	eq	version:	7.3	Trust: 0.3
vendor:	redhat	model:	fedora core2	scope:	-	version:	-	Trust: 0.3
vendor:	redhat	model:	fedora core1	scope:	-	version:	-	Trust: 0.3
vendor:	php	model:	php	scope:	eq	version:	4.3	Trust: 0.3
vendor:	peachtree	model:	linux release	scope:	eq	version:	1	Trust: 0.3
vendor:	avaya	model:	s8710 r2.0.1	scope:	-	version:	-	Trust: 0.3
vendor:	avaya	model:	s8710 r2.0.0	scope:	-	version:	-	Trust: 0.3
vendor:	avaya	model:	s8700 r2.0.1	scope:	-	version:	-	Trust: 0.3
vendor:	avaya	model:	s8700 r2.0.0	scope:	-	version:	-	Trust: 0.3
vendor:	avaya	model:	s8500 r2.0.1	scope:	-	version:	-	Trust: 0.3
vendor:	avaya	model:	s8500 r2.0.0	scope:	-	version:	-	Trust: 0.3
vendor:	avaya	model:	s8300 r2.0.1	scope:	-	version:	-	Trust: 0.3
vendor:	avaya	model:	s8300 r2.0.0	scope:	-	version:	-	Trust: 0.3
vendor:	avaya	model:	modular messaging	scope:	eq	version:	2.0	Trust: 0.3
vendor:	avaya	model:	modular messaging	scope:	eq	version:	1.1	Trust: 0.3
vendor:	avaya	model:	mn100	scope:	-	version:	-	Trust: 0.3
vendor:	avaya	model:	intuity lx	scope:	-	version:	-	Trust: 0.3
vendor:	avaya	model:	converged communications server	scope:	eq	version:	2.0	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.4.1	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.4	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.3.9	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.4.1	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.4	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.3.9	Trust: 0.3
vendor:	php	model:	php	scope:	ne	version:	4.3.11	Trust: 0.3

sources: BID: 13164 // JVNDB: JVNDB-2005-000256 // CNNVD: CNNVD-200504-048 // NVD: CVE-2005-1043

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2005-1043
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2005-1043
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-200504-048
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-12252
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2005-1043
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-12252
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-12252 // JVNDB: JVNDB-2005-000256 // CNNVD: CNNVD-200504-048 // NVD: CVE-2005-1043

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2005-1043

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200504-048

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-200504-048

CONFIGURATIONS

sources: JVNDB: JVNDB-2005-000256

PATCH

title:	ChangeLog-4	url:	http://jp2.php.net/ChangeLog-4.php	Trust: 0.8
title:	ChangeLog-5	url:	http://jp2.php.net/ChangeLog-5.php	Trust: 0.8
title:	release notes 4.3.11	url:	http://jp2.php.net/release_4_3_11.php	Trust: 0.8
title:	#28451	url:	http://bugs.php.net/bug.php?id=28451	Trust: 0.8
title:	#31797	url:	http://bugs.php.net/bug.php?id=31797	Trust: 0.8
title:	154021	url:	https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=154021	Trust: 0.8
title:	154025	url:	https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=154025	Trust: 0.8
title:	RHSA-2005:406	url:	https://rhn.redhat.com/errata/RHSA-2005-406.html	Trust: 0.8
title:	RHSA-2005:405	url:	https://rhn.redhat.com/errata/RHSA-2005-405.html	Trust: 0.8
title:	TLSA-2005-50	url:	http://www.turbolinux.com/security/2005/TLSA-2005-50.txt	Trust: 0.8
title:	RHSA-2005:405	url:	http://www.jp.redhat.com/support/errata/RHSA/RHSA-2005-405J.html	Trust: 0.8
title:	RHSA-2005:406	url:	http://www.jp.redhat.com/support/errata/RHSA/RHSA-2005-406J.html	Trust: 0.8
title:	TLSA-2005-50	url:	http://www.turbolinux.co.jp/security/2005/TLSA-2005-50j.txt	Trust: 0.8

sources: JVNDB: JVNDB-2005-000256

EXTERNAL IDS

db:	NVD	id:	CVE-2005-1043	Trust: 2.8
db:	BID	id:	13164	Trust: 1.2
db:	BID	id:	13163	Trust: 0.8
db:	JVNDB	id:	JVNDB-2005-000256	Trust: 0.8
db:	CNNVD	id:	CNNVD-200504-048	Trust: 0.7
db:	REDHAT	id:	RHSA-2005:406	Trust: 0.6
db:	GENTOO	id:	GLSA-200504-15	Trust: 0.6
db:	UBUNTU	id:	USN-112-1	Trust: 0.6
db:	MANDRAKE	id:	MDKSA-2005:072	Trust: 0.6
db:	APPLE	id:	APPLE-SA-2005-06-08	Trust: 0.6
db:	VULHUB	id:	VHN-12252	Trust: 0.1

sources: VULHUB: VHN-12252 // BID: 13164 // JVNDB: JVNDB-2005-000256 // CNNVD: CNNVD-200504-048 // NVD: CVE-2005-1043

REFERENCES

url:	http://lists.apple.com/archives/security-announce/2005/jun/msg00000.html	Trust: 1.7
url:	http://www.gentoo.org/security/en/glsa/glsa-200504-15.xml	Trust: 1.7
url:	http://www.mandriva.com/security/advisories?name=mdksa-2005:072	Trust: 1.7
url:	http://www.redhat.com/support/errata/rhsa-2005-406.html	Trust: 1.7
url:	https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=154025	Trust: 1.7
url:	http://cvs.php.net/diff.php/php-src/ext/exif/exif.c?r1=1.118.2.29&r2=1.118.2.30&ty=u	Trust: 1.6
url:	https://usn.ubuntu.com/112-1/	Trust: 1.1
url:	https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a10307	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2005-1043	Trust: 0.8
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2005-1043	Trust: 0.8
url:	http://www.securityfocus.com/bid/13164	Trust: 0.8
url:	http://www.securityfocus.com/bid/13163	Trust: 0.8
url:	http://www.ubuntulinux.org/support/documentation/usn/usn-112-1	Trust: 0.6
url:	http://support.avaya.com/elmodocs2/security/asa-2005-136_rhsa-2005-405_rhsa-2005-406.pdf	Trust: 0.3
url:	http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000955	Trust: 0.3
url:	http://www.php.net/changelog-4.php#4.3.11	Trust: 0.3
url:	http://www.php.net/	Trust: 0.3
url:	http://rhn.redhat.com/errata/rhsa-2005-405.html	Trust: 0.3
url:	/archive/1/396618	Trust: 0.3
url:	http://cvs.php.net/diff.php/php-src/ext/exif/exif.c?r1=1.118.2.29&r2=1.118.2.30&ty=u	Trust: 0.1

sources: VULHUB: VHN-12252 // BID: 13164 // JVNDB: JVNDB-2005-000256 // CNNVD: CNNVD-200504-048 // NVD: CVE-2005-1043

CREDITS

Martin Pitt martin.pitt@canonical.com

Trust: 0.6

sources: CNNVD: CNNVD-200504-048

SOURCES

db:	VULHUB	id:	VHN-12252
db:	BID	id:	13164
db:	JVNDB	id:	JVNDB-2005-000256
db:	CNNVD	id:	CNNVD-200504-048
db:	NVD	id:	CVE-2005-1043

LAST UPDATE DATE

2024-08-14T12:11:48.857000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-12252	date:	2018-10-30T00:00:00
db:	BID	id:	13164	date:	2009-07-12T12:56:00
db:	JVNDB	id:	JVNDB-2005-000256	date:	2007-04-01T00:00:00
db:	CNNVD	id:	CNNVD-200504-048	date:	2005-10-20T00:00:00
db:	NVD	id:	CVE-2005-1043	date:	2018-10-30T16:25:35.387

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-12252	date:	2005-04-14T00:00:00
db:	BID	id:	13164	date:	2005-04-12T00:00:00
db:	JVNDB	id:	JVNDB-2005-000256	date:	2007-04-01T00:00:00
db:	CNNVD	id:	CNNVD-200504-048	date:	2005-04-14T00:00:00
db:	NVD	id:	CVE-2005-1043	date:	2005-04-14T04:00:00