Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 5.0
CVE Id: CVE-2008-5498
Last Modified: 21 Aug 2010 01:26:24
Published: 26 Dec 2008 03:30:00
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2008-5498

Summary

Array index error in the imageRotate function in PHP 5.2.8 and earlier allows context-dependent attackers to read the contents of arbitrary memory locations via a crafted value of the third argument (aka the bgd_color or clrBack argument) for an indexed image.

Vulnerable Systems

Application

  • PHP 5
  • PHP 5.0
  • PHP 5.0.0
  • PHP 5.0.1
  • PHP 5.0.2
  • PHP 5.0.3
  • PHP 5.0.4
  • PHP 5.0.5
  • PHP 5.1
  • PHP 5.1.0
  • PHP 5.1.1
  • PHP 5.1.2
  • PHP 5.1.3
  • PHP 5.1.4
  • PHP 5.1.5
  • PHP 5.1.6
  • PHP 5.2.0
  • PHP 5.2.1
  • PHP 5.2.2
  • PHP 5.2.3
  • PHP 5.2.4
  • PHP 5.2.5
  • PHP 5.2.6
  • PHP 5.2.7
  • PHP 5.2.8


References

FEDORA - FEDORA-2009-3848

FEDORA - FEDORA-2009-3768

XF - php-imagerotate-info-disclosure(47635)

BID - 33002

REDHAT - RHSA-2009:0350

CONFIRM - http://www.php.net/releases/5_2_9.php

MANDRIVA - MDVSA-2009:023

MANDRIVA - MDVSA-2009:022

MANDRIVA - MDVSA-2009:021

CONFIRM - http://support.apple.com/kb/HT3865

SECTRACK - 1021494

SECUNIA - 36701

SECUNIA - 35650

SECUNIA - 35306

SECUNIA - 34642

OSVDB - 51031

HP - HPSBUX02465

HP - HPSBUX02431

SUSE - SUSE-SR:2009:008

APPLE - APPLE-SA-2009-09-10-2

MISC - http://downloads.securityfocus.com/vulnerabilities/exploits/33002.php

MISC - http://downloads.securityfocus.com/vulnerabilities/exploits/33002-2.php

CONFIRM - http://cvs.php.net/viewvc.cgi/php-src/NEWS?r1=1.2027.2.547.2.1360&r2=1.2027.2.547.2.1361&diff_format=u

HP - SSRT090192

HP - SSRT090085

Related Patches

Red Hat 2009:0338-01 RHSA Moderate: php security update for RHEL 5 x86


Last Updated: 27 May 2016 10:49:59