Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-2829

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2008-2829
Last Modified 30 Oct 2012 10:58:40
Published 23 Jun 2008 04:41:00
Confidentiality Impact NONE NONE
Integrity Impact NONE NONE
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-2829

Summary

php_imap.c in PHP 5.2.5, 5.2.6, 4.x, and other versions, uses obsolete API calls that allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long IMAP request, which triggers an "rfc822.c legacy routine buffer overflow" error message, related to the rfc822_write_address function.

Vulnerable Systems

Application

  • Php 4.0

  • Php 5.2.5

  • Php 5.2.6


References

CERT - TA09-133A

VUPEN - ADV-2009-1297

BID - 29829

FEDORA - FEDORA-2009-3848

FEDORA - FEDORA-2009-3768

CONFIRM - https://bugs.gentoo.org/show_bug.cgi?id=221969

XF - php-phpimap-dos(43357)

UBUNTU - USN-628-1

BUGTRAQ - 20090302 rPSA-2009-0035-1 php php-cgi php-imap php-mcrypt php-mysql php-mysqli php-pgsql php-soap php-xsl php5 php5-cgi php5-imap php5-mcrypt php5-mysql php5-mysqli php5-pear php5-pgsql php5-soap php5-xsl

MLIST - [oss-security] 20080624 Re: CVE request: php 5.2.6 ext/imap buffer overflows

MLIST - [oss-security] 20080619 CVE request: php 5.2.6 ext/imap buffer overflows

MANDRIVA - MDVSA-2008:128

MANDRIVA - MDVSA-2008:127

MANDRIVA - MDVSA-2008:126

CONFIRM - http://wiki.rpath.com/Advisories:rPSA-2009-0035

CONFIRM - http://support.apple.com/kb/HT3549

SECUNIA - 35650

SECUNIA - 35306

SECUNIA - 35074

SECUNIA - 31200

OSVDB - 46641

HP - HPSBUX02465

HP - SSRT090085

SUSE - SUSE-SR:2008:027

APPLE - APPLE-SA-2009-05-12

MISC - http://bugs.php.net/bug.php?id=42862

GENTOO - GLSA-200811-05

SECUNIA - 32746

HP - SSRT090192

HP - HPSBUX02431

Related Patches

Apple 2009-05-12 Mac OS X 10.5.7 Combo Update

Apple 2009-05-12 Mac OS X Server 10.5.7 Update

Apple 2009-05-12 Mac OS X 10.5.7 Update

Apple 2009-05-12 Mac OS X Server 10.5.7 Combo Update


Last Updated: 27 May 2016 10:49:48