Question 2 (a) CVE-2018-14883 is a recent vulnerability in PHP's image handling-specifically, in the function exif_thumb
Question 2

(a) CVE-2018-14883 is a recent vulnerability in PHP's image handling, specifically in the function exif_thumbnail_extract. This function extracts thumbnail image data contained within the EXIF header of an image file. The following C code is part of its implementation:

    if ((img->Thumbnail.offset + img->Thumbnail.size) > length) {
        EXIF_ERRLOG_THUMBEOF(img);
        return;
    }

In this code, img points to a C struct containing information about the image and Thumbnail is another struct containing details of the image's thumbnail. Thumbnail has a member offset that stores the position of the thumbnail within the image file header and a member size that stores how many bytes of the header are thumbnail data. Both of these members are unsigned 32-bit integers.

(i) The vulnerability report refers to a problem with the if statement in the code above. Explain the likely nature of this problem. Identify the conditions necessary for the problem to occur. [5 marks]

(ii) What are the possible consequences of this problem for a PHP application that displays thumbnails of uploaded images? [3 marks]

(b) A Java web application contains the following code fragment:

    if (url.contains("../")) {
        String message = "Bad URL\n" + getServerDetails();
        throw new WebException(message);
    }

(i) Explain carefully what the programmer is attempting to prevent here. [3 marks]

(ii) How could an attacker try to defeat this input validation attempt? [3 marks]

(iii) Even if this code performs its intended function, there is still a security issue. What is the nature of the problem? [2 marks]

(c) A security researcher informs a software vendor about a vulnerability and states that they have 30 days to fix the problem before the researcher publishes their findings. The vendor accuses the researcher of 'blackmailing' them. Is the vendor justified in their complaint? Explain your reasoning. [4 marks]

[Question 2 total: 20 marks]
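The bounds check in part (a) adds two unsigned 32-bit values before comparing the sum with the buffer length, so the sum can wrap around modulo 2^32 and the comparison can pass even though the thumbnail lies entirely outside the buffer. The C program below is an added illustration written for this page; it is not PHP's code. It models the check with plain integers rather than the img struct, uses constructed offset/size/length values (the function and variable names are assumptions), and places the wrapping form next to two overflow-safe forms: one that compares each operand against the remaining space without ever forming the sum, and one that widens to 64 bits first.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Same shape as the check in the question: the sum is computed in 32-bit
 * unsigned arithmetic, so (offset + size) wraps when it exceeds 2^32 - 1.
 * Returns true when the check would let the thumbnail through. */
bool thumb_in_bounds_wrapping(uint32_t offset, uint32_t size, size_t length)
{
    uint32_t end = offset + size;   /* may wrap to a small value */
    return end <= length;           /* passes after a wrap even if offset > length */
}

/* Overflow-safe form: never compute offset + size. First make sure the
 * start is inside the buffer, then compare size against the space left. */
bool thumb_in_bounds_safe(uint32_t offset, uint32_t size, size_t length)
{
    if (offset > length)
        return false;
    if (size > length - offset)     /* length - offset cannot underflow here */
        return false;
    return true;
}

/* Alternative safe form: widen both operands to 64 bits before adding,
 * so the true sum of two 32-bit values (at most 2^33 - 2) fits. */
bool thumb_in_bounds_wide(uint32_t offset, uint32_t size, size_t length)
{
    uint64_t end = (uint64_t)offset + (uint64_t)size;
    return end <= (uint64_t)length;
}

/* Constructed header sizes and thumbnail descriptors for the demonstration. */
static void show(const char *label, uint32_t offset, uint32_t size, size_t length)
{
    printf("%-28s offset=%10u size=%10u length=%zu  wrapping:%d safe:%d wide:%d\n",
           label, offset, size, length,
           thumb_in_bounds_wrapping(offset, size, length),
           thumb_in_bounds_safe(offset, size, length),
           thumb_in_bounds_wide(offset, size, length));
}

int main(void)
{
    size_t length = 1000;           /* constructed: 1000-byte EXIF header */

    show("normal, inside buffer",      100u,        50u,  length);
    show("too large, rejected",        100u,      2000u,  length);
    /* 0xFFFFFF00 + 0x200 = 0x100000100, truncated to 0x100 (256) <= 1000 */
    show("offset wraps the sum",       0xFFFFFF00u, 0x200u, length);
    /* 10 + 0xFFFFFFF6 = 0x100000000, truncated to 0 <= 1000 */
    show("size wraps the sum",         10u,  0xFFFFFFF6u,  length);
    return 0;
}
```

The last two cases are the condition part (a)(i) asks about: only when offset + size exceeds 2^32 - 1 does the wrapped sum become small enough to pass, and both safe forms reject exactly those inputs while agreeing with the wrapping form on ordinary ones.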