FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

php -- readfile() DoS vulnerability

Affected packages
mod_php4-twig < 4.3.5_7
php4 < 4.3.5_7
php4-cgi < 4.3.5_7
php4-cli < 4.3.5_7
php4-dtc < 4.3.5_7
php4-horde < 4.3.5_7
php4-nms < 4.3.5_7
mod_php < 4.3.5_7,1
mod_php4 < 4.3.5_7,1

Details

VuXML ID 07f3fe15-a9de-11d9-a788-0001020eed82
Discovery 2004-01-25
Entry 2005-04-10

A SUSE Security advisory reports:

A bug in the readfile() function of php4 could be used to to crash the httpd running the php4 code when accessing files with a multiple of the architectures page size leading to a denial of service.

References

Bugtraq ID 12665
CVE Name CVE-2005-0596
URL http://bugs.php.net/bug.php?id=27037
URL http://www.novell.com/linux/security/advisories/2005_06_sr.html