CVE-2008-2829MEDIUM
Description
php_imap.c in PHP 5.2.5, 5.2.6, 4.x, and other versions, uses obsolete API calls that allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long IMAP request, which triggers an "rfc822.c legacy routine buffer overflow" error message, related to the rfc822_write_address function.
References
http://bugs.php.net/bug.php?id=42862
http://lists.apple.com/archives/security-announce/2009/May/msg00002.html
http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00002.html
http://marc.info/?l=bugtraq&m=124654546101607&w=2
http://marc.info/?l=bugtraq&m=125631037611762&w=2
http://secunia.com/advisories/31200
http://secunia.com/advisories/32746
http://secunia.com/advisories/35074
http://secunia.com/advisories/35306
http://secunia.com/advisories/35650
http://security.gentoo.org/glsa/glsa-200811-05.xml
http://support.apple.com/kb/HT3549
http://wiki.rpath.com/Advisories:rPSA-2009-0035
http://www.mandriva.com/security/advisories?name=MDVSA-2008:126
http://www.mandriva.com/security/advisories?name=MDVSA-2008:127
http://www.mandriva.com/security/advisories?name=MDVSA-2008:128
http://www.openwall.com/lists/oss-security/2008/06/19/6
http://www.openwall.com/lists/oss-security/2008/06/24/2
http://www.securityfocus.com/archive/1/501376/100/0/threaded
http://www.securityfocus.com/bid/29829
http://www.ubuntu.com/usn/usn-628-1
http://www.us-cert.gov/cas/techalerts/TA09-133A.html
http://www.vupen.com/english/advisories/2009/1297
https://bugs.gentoo.org/show_bug.cgi?id=221969
https://exchange.xforce.ibmcloud.com/vulnerabilities/43357
https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01451.html
https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01465.html
Vulnerable Software
Configuration 1
OR
cpe:2.3:a:php:php:*:*:*:*:*:*:*:* versions up to 4.4.9 (inclusive)
Configuration 2
OR
cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:7.04:*:*:*:*:*:*:*
Tenable Plugins
| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 4779 | PHP 5.x < 5.2.7 Multiple Vulnerabilities | Nessus Network Monitor | Web Servers | high |
| 39914 | openSUSE Security Update : apache2-mod_php5 (apache2-mod_php5-310) | Nessus | SuSE Local Security Checks | medium |
| 38957 | Fedora 9 : maniadrive-1.2-13.fc9 / php-5.2.9-2.fc9 (2009-3848) | Nessus | Fedora Local Security Checks | critical |
| 38956 | Fedora 10 : maniadrive-1.2-13.fc10 / php-5.2.9-2.fc10 (2009-3768) | Nessus | Fedora Local Security Checks | critical |
| 38744 | Mac OS X 10.5.x < 10.5.7 Multiple Vulnerabilities | Nessus | MacOS X Local Security Checks | critical |
| 38042 | Mandriva Linux Security Advisory : php (MDVSA-2008:127) | Nessus | Mandriva Local Security Checks | critical |
| 37584 | Mandriva Linux Security Advisory : php (MDVSA-2008:126) | Nessus | Mandriva Local Security Checks | critical |
| 36486 | Mandriva Linux Security Advisory : php (MDVSA-2008:128) | Nessus | Mandriva Local Security Checks | critical |
| 35051 | FreeBSD : php -- multiple vulnerabilities (27d01223-c457-11dd-a721-0030843d3802) | Nessus | FreeBSD Local Security Checks | high |
| 35043 | PHP 5 < 5.2.7 Multiple Vulnerabilities | Nessus | CGI abuses | high |
| 35035 | Slackware 12.0 / 12.1 / current : php (SSA:2008-339-01) | Nessus | Slackware Local Security Checks | high |
| 35004 | openSUSE 10 Security Update : apache2-mod_php5 (apache2-mod_php5-5787) | Nessus | SuSE Local Security Checks | medium |
| 34787 | GLSA-200811-05 : PHP: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | critical |
| 33575 | Ubuntu 6.06 LTS / 7.04 / 7.10 / 8.04 LTS : php5 vulnerabilities (USN-628-1) | Nessus | Ubuntu Local Security Checks | critical |
| 5023 | Mac OS X 10.5 < 10.5.7 Multiple Vulnerabilities | Nessus Network Monitor | Generic | critical |
| 801088 | PHP 5 < 5.2.7 Multiple Vulnerabilities | Log Correlation Engine | Web Servers | high |
| 800792 | Mac OS X 10.5 < 10.5.7 Multiple Vulnerabilities | Log Correlation Engine | Operating System Detection | high |