CVE-2008-2829
Published: 23 June 2008
php_imap.c in PHP 5.2.5, 5.2.6, 4.x, and other versions, uses obsolete API calls that allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long IMAP request, which triggers an "rfc822.c legacy routine buffer overflow" error message, related to the rfc822_write_address function.
Notes
Author | Note |
---|---|
mdeslaur | The imap plugin is in a separate package (php-imap). Although usn-628-1 patched the php source for this, the code is not actually built. |
Priority
Status
Package | Release | Status |
---|---|---|
php-imap Launchpad, Ubuntu, Debian |
dapper |
Ignored
(end of life)
|
hardy |
Released
(5.2.3-0ubuntu3.1)
|
|
intrepid |
Released
(5.2.6-0ubuntu3.1)
|
|
jaunty |
Released
(5.2.6-0ubuntu5.1)
|
|
karmic |
Released
(5.2.6-0ubuntu6.1)
|
|
upstream |
Needs triage
|
|
Patches: upstream: http://svn.php.net/viewvc?view=revision&revision=267399 vendor: http://patch-tracker.debian.org/patch/series/view/php5/5.2.6.dfsg.1-1+lenny4/CVE-2008-2829.patch |
||
php4 Launchpad, Ubuntu, Debian |
dapper |
Ignored
(end of life)
|
feisty |
Does not exist
|
|
gutsy |
Does not exist
|
|
hardy |
Does not exist
|
|
intrepid |
Does not exist
|
|
jaunty |
Does not exist
|
|
karmic |
Does not exist
|
|
upstream |
Needs triage
|
|
php5 Launchpad, Ubuntu, Debian |
dapper |
Released
(5.1.2-1ubuntu3.12)
|
feisty |
Released
(5.2.1-0ubuntu1.6)
|
|
gutsy |
Released
(5.2.3-1ubuntu6.4)
|
|
hardy |
Released
(5.2.4-2ubuntu5.3)
|
|
intrepid |
Not vulnerable
(5.2.6-2ubuntu1)
|
|
jaunty |
Not vulnerable
(5.2.6-2ubuntu1)
|
|
karmic |
Not vulnerable
(5.2.6-2ubuntu1)
|
|
upstream |
Released
(5.2.6-2)
|