FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2008-2829

This CVE name corresponds to:

Entered: 2008-12-07
Topic: php -- multiple vulnerabilities

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type: Candidate
Name: CVE-2008-2829
Phase: Assigned (20080623)

Description

php_imap.c in PHP 5.2.5, 5.2.6, 4.x, and other versions, uses obsolete API calls that allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long IMAP request, which triggers an "rfc822.c legacy routine buffer overflow" error message, related to the rfc822_write_address function.

References

Source Reference
BUGTRAQ 20090302 rPSA-2009-0035-1 php php-cgi php-imap php-mcrypt php-mysql php-mysqli php-pgsql php-soap php-xsl php5 php5-cgi php5-imap php5-mcrypt php5-mysql php5-mysqli php5-pear php5-pgsql php5-soap php5-xsl
MISC http://bugs.php.net/bug.php?id=42862
CONFIRM https://bugs.gentoo.org/show_bug.cgi?id=221969
MLIST [oss-security] 20080619 CVE request: php 5.2.6 ext/imap buffer overflows
MLIST [oss-security] 20080624 Re: CVE request: php 5.2.6 ext/imap buffer overflows
CONFIRM http://wiki.rpath.com/Advisories:rPSA-2009-0035
CONFIRM http://support.apple.com/kb/HT3549
APPLE APPLE-SA-2009-05-12
FEDORA FEDORA-2009-3768
FEDORA FEDORA-2009-3848
GENTOO GLSA-200811-05
HP HPSBUX02431
HP SSRT090085
HP HPSBUX02465
HP SSRT090192
MANDRIVA MDVSA-2008:126
MANDRIVA MDVSA-2008:127
MANDRIVA MDVSA-2008:128
SUSE SUSE-SR:2008:027
UBUNTU USN-628-1
CERT TA09-133A
BID 29829
OSVDB 46641
SECUNIA 31200
SECUNIA 35074
SECUNIA 35306
SECUNIA 35650
SECUNIA 32746
VUPEN ADV-2009-1297
XF php-phpimap-dos(43357)