Debian Bug report logs - #302701
php4: Remote DoS in image header parsing (CAN-2005-0524, CAN-2005-0525)

version graph

Package: php4; Maintainer for php4 is (unknown);

Reported by: Moritz Muehlenhoff <jmm@inutil.org>

Date: Sat, 2 Apr 2005 12:48:06 UTC

Severity: important

Tags: security, woody

Found in version 4:4.3.0-10

Done: "Adam Conrad" <adconrad@0c3.net>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, Adam Conrad <adconrad@0c3.net>:
Bug#302701; Package php4. Full text and rfc822 format available.

Acknowledgement sent to Moritz Muehlenhoff <jmm@inutil.org>:
New Bug report received and forwarded. Copy sent to Adam Conrad <adconrad@0c3.net>. Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Moritz Muehlenhoff <jmm@inutil.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: php4: Remote DoS in image header parsing (CAN-2005-0524, CAN-2005-0525)
Date: Sat, 02 Apr 2005 14:32:53 +0200
Package: php4
Version: 4:4.3.0-10
Severity: important
Tags: security

iDefense reports two remotely exploitable DoS vulnerabilities in PHP:

1. php_handle_iff() can be driven into an endless loop with carefully crafted
   packages.
2. php_handle_jpeg() can be driven into an endless loop with carefully crafted
   packages.

Fur full details please see 
http://www.idefense.com/application/poi/display?id=222&type=vulnerabilities

Cheers,
        Moritz

-- System Information:
Debian Release: 3.1
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.11
Locale: LANG=C, LC_CTYPE=de_DE.ISO-8859-15@euro (charmap=ISO-8859-15)

Versions of packages php4 depends on:
pn  libapache-mod-php4 | libapach            Not found.
pn  php4-common                              Not found.



Information forwarded to debian-bugs-dist@lists.debian.org, Adam Conrad <adconrad@0c3.net>:
Bug#302701; Package php4. Full text and rfc822 format available.

Acknowledgement sent to adconrad@0c3.net:
Extra info received and forwarded to list. Copy sent to Adam Conrad <adconrad@0c3.net>. Full text and rfc822 format available.

Message #10 received at 302701@bugs.debian.org (full text, mbox):

From: "Adam Conrad" <adconrad@0c3.net>
To: "Moritz Muehlenhoff" <jmm@inutil.org>, 302701@bugs.debian.org
Cc: control@bugs.debian.org
Subject: Re: Bug#302701: php4: Remote DoS in image header parsing (CAN-2005-0524, CAN-2005-0525)
Date: Mon, 4 Apr 2005 01:54:52 +1000 (EST)
tags 302701 +woody
thanks

Moritz Muehlenhoff said:
>
> iDefense reports two remotely exploitable DoS vulnerabilities in PHP:
>
> 1. php_handle_iff() can be driven into an endless loop with carefully
> crafted packages.
>
> 2. php_handle_jpeg() can be driven into an endless loop
> with carefully crafted packages.

The versions in Sarge and Sid aren't vulnerable to this (the CVS versions
we've updated to include the patches to resolve these bugs), so this is
only valid for Woody.  Tagging appropriately.

... Adam





Tags added: woody Request was from "Adam Conrad" <adconrad@0c3.net> to control@bugs.debian.org. Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Adam Conrad <adconrad@0c3.net>:
Bug#302701; Package php4. Full text and rfc822 format available.

Acknowledgement sent to Esteban Manchado Velázquez <zoso@foton.es>:
Extra info received and forwarded to list. Copy sent to Adam Conrad <adconrad@0c3.net>. Full text and rfc822 format available.

Message #17 received at 302701@bugs.debian.org (full text, mbox):

From: Esteban Manchado Velázquez <zoso@foton.es>
To: 302701@bugs.debian.org
Subject: Any progress on this bug?
Date: Fri, 15 Apr 2005 00:25:40 +0100
Hi guys,

   Any progress on this bug? Do you need help, any patch or hint available?

   I don't see anything on -proposed-updates, either...

-- 
Esteban Manchado Velázquez <zoso@foton.es> - http://www.foton.es
EuropeSwPatentFree - http://EuropeSwPatentFree.hispalinux.es



Information forwarded to debian-bugs-dist@lists.debian.org, Adam Conrad <adconrad@0c3.net>:
Bug#302701; Package php4. Full text and rfc822 format available.

Acknowledgement sent to adconrad@0c3.net:
Extra info received and forwarded to list. Copy sent to Adam Conrad <adconrad@0c3.net>. Full text and rfc822 format available.

Message #22 received at 302701@bugs.debian.org (full text, mbox):

From: "Adam Conrad" <adconrad@0c3.net>
To: Esteban Manchado Velázquez <zoso@foton.es>, 302701@bugs.debian.org
Subject: Re: Bug#302701: Any progress on this bug?
Date: Fri, 15 Apr 2005 11:25:23 +1000 (EST)
Esteban Manchado Velázquez said:
>
> Any progress on this bug? Do you need help, any patch or hint available?

It's already been/being handled by the security team and I.  Patience. :)

... Adam





Reply sent to adconrad@0c3.net:
You have taken responsibility. Full text and rfc822 format available.

Notification sent to Moritz Muehlenhoff <jmm@inutil.org>:
Bug acknowledged by developer. Full text and rfc822 format available.

Message #27 received at 302701-done@bugs.debian.org (full text, mbox):

From: "Adam Conrad" <adconrad@0c3.net>
To: 302701-done@bugs.debian.org
Subject: Closing
Date: Wed, 8 Jun 2005 12:56:17 +1000 (EST)
This bug should have been closed with the upload of version 4.1.2-7.woody4
to woody-security.  Sarge, Etch, and Sid are not vulnerable.

... Adam





Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Fri Apr 18 08:46:52 2014; Machine Name: beach.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.