Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-1065

Overview

Vulnerability Score 10.0 10.0
CVE Id CVE-2004-1065
Last Modified 21 Aug 2010 12:21:44
Published 10 Jan 2005 12:00:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2004-1065

Summary

Buffer overflow in the exif_read_data function in PHP before 4.3.10 and PHP 5.x up to 5.0.2 allows remote attackers to execute arbitrary code via a long section name in an image file.

Vulnerable Systems

Operating System

  • Trustix Secure Linux 2.0

  • Trustix Secure Linux 2.1

  • Trustix Secure Linux 2.2

  • Ubuntu Linux 4.1

Application

  • Openpkg 2.1

  • Openpkg 2.2

  • Openpkg Current

  • Php 3.0

  • Php 3.0.1

  • Php 3.0.10

  • Php 3.0.11

  • Php 3.0.12

  • Php 3.0.13

  • Php 3.0.14

  • Php 3.0.15

  • Php 3.0.16

  • Php 3.0.17

  • Php 3.0.18

  • Php 3.0.2

  • Php 3.0.3

  • Php 3.0.4

  • Php 3.0.5

  • Php 3.0.6

  • Php 3.0.7

  • Php 3.0.8

  • Php 3.0.9

  • Php 4.0

  • Php 4.0.1

  • Php 4.0.2

  • Php 4.0.3

  • Php 4.0.4

  • Php 4.0.5

  • Php 4.0.6

  • Php 4.0.7

  • Php 4.1.0

  • Php 4.1.1

  • Php 4.1.2

  • Php 4.2

  • Php 4.2.0

  • Php 4.2.1

  • Php 4.2.2

  • Php 4.2.3

  • Php 4.3

  • Php 4.3.1

  • Php 4.3.2

  • Php 4.3.3

  • Php 4.3.4

  • Php 4.3.5

  • Php 4.3.6

  • Php 4.3.7

  • Php 4.3.8

  • Php 4.3.9

  • Php 5.0

  • Php 5.0.0

  • Php 5.0.1

  • Php 5.0.2


References

REDHAT - RHSA-2004:687

FEDORA - FLSA:2344

XF - php-exifreaddata-bo(18517)

REDHAT - RHSA-2005:032

CONFIRM - http://www.php.net/release_4_3_10.php

SUSE - SUSE-SA:2005:002

OPENPKG - OpenPKG-SA-2004.053

HP - HPSBMA01212

MANDRAKE - MDKSA-2004:151


Last Updated: 27 May 2016 10:38:52