
gd2lib may be exploitable, please upgrade stable.



This is a forward from the debian-user mailing lists, I am not a 
member of the debian security list due to its large input in my 
mailbox.

The current libgd2 in debian stable may be exploitable and may even 
give root uid/gid if misused properly, due to its nature to segfault 
when the gdImageCopy function is used in it from the php gd2 wrapper 
for the apache php module; you get the idea.

A general upgrading of the packages for apachelib-php4, php4-cgi, 
php4-gd2, and most importantly the affected package libgd2, should 
fix this, but they are not available in debian stable (woody) at this 
time... So the problem persists.

This is what you get for using a beta version of libgd2 in a stable 
distro branch.

Have a nice day, and I hope this gets fixed soon.


On 15 May 2004 at 15:08, dking@pimpsoft.com wrote:

> I found this as well.
> 
> http://www.zend.com/lists/php-dev/200110/msg01100.html
> 
> It seems Debian is using the wrong versions of php and gd2; this is a 
> valid security problem and needs to be fixed ASAP in debian stable.
> 
> 
> 
> On 15 May 2004 at 13:38, dking@pimpsoft.com wrote:
> 
> > I get the following any time I try to run a php script either from 
> > apache or command line using the php gd2 function ImageCopy() under 
> > debian stable (woody)
> > 
> > cgi:/var/www/# php4 t.php
> > X-Powered-By: PHP/4.1.2
> > Content-type: text/html
> > 
> > 
> > Segmentation fault
> > 
> > 
> > Everything else in gd2 works but for some reason the ImageCopy() 
> > function in the php lib does not work at all, so I got out gdb and 
> > ran some tests.
> > 
> > cgi:/var/www/# gdb /usr/bin/php4
> > GNU gdb 2002-04-01-cvs
> > Copyright 2002 Free Software Foundation, Inc.
> > GDB is free software, covered by the GNU General Public License, and 
> > you are
> > welcome to change it and/or distribute copies of it under certain 
> > conditions.
> > Type "show copying" to see the conditions.
> > There is absolutely no warranty for GDB.  Type "show warranty" for 
> > details.
> > This GDB was configured as "i386-linux"...(no debugging symbols 
> > found)...
> > (gdb)  set args -f /var/www/t.php
> > (gdb) set args -f /var/www/t.php
> > (gdb) run
> > Starting program: /usr/bin/php4 -f /var/www/t.php
> > (no debugging symbols found)...(no debugging symbols found)...
> > (no debugging symbols found)...(no debugging symbols found)...
> > (no debugging symbols found)...(no debugging symbols found)...
> > (no debugging symbols found)...(no debugging symbols found)...
> > (no debugging symbols found)...(no debugging symbols found)...
> > (no debugging symbols found)...(no debugging symbols found)...
> > (no debugging symbols found)...(no debugging symbols found)...
> > (no debugging symbols found)...(no debugging symbols found)...
> > (no debugging symbols found)...(no debugging symbols found)...
> > (no debugging symbols found)...(no debugging symbols found)...
> > (no debugging symbols found)...(no debugging symbols found)...
> > (no debugging symbols found)...(no debugging symbols found)...
> > (no debugging symbols found)...(no debugging symbols found)...
> > (no debugging symbols found)...(no debugging symbols found)...
> > (no debugging symbols found)...(no debugging symbols found)...
> > (no debugging symbols found)...(no debugging symbols found)...
> > (no debugging symbols found)...(no debugging symbols found)...
> > 
> > (no debugging symbols found)...
> > Program received signal SIGSEGV, Segmentation fault.
> > 0x403b88d6 in gdImageCopy () from /usr/lib/libgd.so.2
> > (gdb) quit
> > 
> > 
> > I apt-get removed the gd2 lib and installed the noxpm version, then 
> > reinstalled php4-gd2 and the rest, they said they had to have the 
> > normal version with xpm support so I let it do its thing.
> > 
> > And so I ran the test again after it failed, and I get the exact same 
> > thing. Is anyone else getting these errors? Everything else in gdlib 
> > is working fine but it's this one function that seems to be bad, using 
> > the most updated and official libs available.
> > 
> > If anyone has any ideas or has a way to fix this please let me know, 
> > I am using only official packages.
> > 





