[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-disclosure] PHP Denial of Service - Memory leak in getimagesize().

To: full-disclosure@xxxxxxxxxxxxxxxxx
Subject: [Full-disclosure] PHP Denial of Service - Memory leak in getimagesize().
From: Manu <sourvivor@xxxxxxxxx>
Date: Sun, 29 Apr 2012 19:58:30 +0200

Summary:

PHP Denial of Service - Memory leak in getimagesize().


Credits:

Manuel Fernández, Security consultant at Informatica64 [ sourvivor@xxxxxxxxx]

Francisco Oca, Security consultant at Informatica64 [ xyzthor@xxxxxxxxx ]

Greetings to the friends group of every thursday in this 2x1 bar. We love
you guys.


Details:

Getimagesize function is used to determine the size of an image. It recives
one parameter as URI. Getimagesize() doesn't implement any function to
verify if the remote file that is been downloaded is an image nor if the
size is higher than desired, so it could be possible to force the PHP
engine to download (through Getimagesize()) a huge file, causing a DoS (in
RAM and CPU) in the webserver.


This exploit has been tested successfully in few enviorments as forums
PHPBB, which uses this function when you're going to set an avatar, due
that PHPBB tries to calculate the file size before changing the avatar.

Vulnerable Versions:

PHP 5.4.1 and previous.


Patches/Workarounds:

The vendor was not notified of the issue.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Prev by Date: Re: [Full-disclosure] WordPress BruteForce Script
Next by Date: [Full-disclosure] Pritlog v0.821 CMS - Multiple Web Vulnerabilities
Previous by thread: Re: [Full-disclosure] WordPress BruteForce Script
Next by thread: [Full-disclosure] Pritlog v0.821 CMS - Multiple Web Vulnerabilities
Index(es):
- Date
- Thread