Full Disclosure mailing list archives
PHP Denial of Service - Memory leak in getimagesize().
From: Manu <sourvivor () gmail com>
Date: Sun, 29 Apr 2012 19:58:30 +0200
Summary: PHP Denial of Service - Memory leak in getimagesize(). Credits: Manuel Fernández, Security consultant at Informatica64 [ sourvivor () gmail com] Francisco Oca, Security consultant at Informatica64 [ xyzthor () gmail com ] Greetings to the friends group of every thursday in this 2x1 bar. We love you guys. Details: Getimagesize function is used to determine the size of an image. It recives one parameter as URI. Getimagesize() doesn't implement any function to verify if the remote file that is been downloaded is an image nor if the size is higher than desired, so it could be possible to force the PHP engine to download (through Getimagesize()) a huge file, causing a DoS (in RAM and CPU) in the webserver. This exploit has been tested successfully in few enviorments as forums PHPBB, which uses this function when you're going to set an avatar, due that PHPBB tries to calculate the file size before changing the avatar. Vulnerable Versions: PHP 5.4.1 and previous. Patches/Workarounds: The vendor was not notified of the issue.
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- PHP Denial of Service - Memory leak in getimagesize(). Manu (Apr 29)