CVE-2008-2829

Current Description

php_imap.c in PHP 5.2.5, 5.2.6, 4.x, and other versions, uses obsolete API calls that allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long IMAP request, which triggers an "rfc822.c legacy routine buffer overflow" error message, related to the rfc822_write_address function.

Basic Data

Published: June 23, 2008
Last Modified: October 09, 2019
Assigner: cve@mitre.org
Data Type: CVE
Data Format: MITRE
Data Version: 4.0
Problem Type: CWE-119
CVE Data Version: 4.0

Base Metric V2

CVSS 2 - Version: 2.0
CVSS 2 - Vector String: AV:N/AC:L/Au:N/C:N/I:N/A:P
CVSS 2 - Access Vector: NETWORK
CVSS 2 - Access Complexity: LOW
CVSS 2 - Authentication: NONE
CVSS 2 - Confidentiality Impact: NONE
CVSS 2 - Availability Impact: PARTIAL
CVSS 2 - Base Score: 5.0
Severity: MEDIUM
Exploitability Score: 10.0
Impact Score: 2.9
Obtain All Privilege: false
Obtain User Privilege: false
Obtain Other Privilege: false

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
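    Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding
    2.3 | Application | Php | Php | * | * | * | * | * | * | * | * |  | 4.4.9
    2.3 | Application | Php | Php | 5.2.5 | * | * | * | * | * | * | *
    2.3 | Application | Php | Php | 5.2.6 | * | * | * | * | * | * | *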
  • OR - Configuration 2
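    Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding
    2.3 | OS | Canonical | Ubuntu Linux | 6.06 | * | * | * | lts | * | * | *
    2.3 | OS | Canonical | Ubuntu Linux | 7.04 | * | * | * | * | * | * | *
    2.3 | OS | Canonical | Ubuntu Linux | 7.10 | * | * | * | * | * | * | *
    2.3 | OS | Canonical | Ubuntu Linux | 8.04 | * | * | * | lts | * | * | *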

Vulnerable Software List

Vendor | Product | Versions
Canonical | Ubuntu Linux | 6.06, 7.04, 7.10, 8.04
Php | Php | *, 5.2.5, 5.2.6

References

Name | Source | URL | Tags
http://bugs.php.net/bug.php?id=42862 | MISC | http://bugs.php.net/bug.php?id=42862 | Vendor Advisory
APPLE-SA-2009-05-12 | APPLE | http://lists.apple.com/archives/security-announce/2009/May/msg00002.html | Mailing List, Third Party Advisory
SUSE-SR:2008:027 | SUSE | http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00002.html | Third Party Advisory
SSRT090085 | HP | http://marc.info/?l=bugtraq&m=124654546101607&w=2 | Mailing List, Third Party Advisory
HPSBUX02465 | HP | http://marc.info/?l=bugtraq&m=125631037611762&w=2 | Mailing List, Third Party Advisory
46641 | OSVDB | http://osvdb.org/46641 | Broken Link
31200 | SECUNIA | http://secunia.com/advisories/31200 | Third Party Advisory
32746 | SECUNIA | http://secunia.com/advisories/32746 | Third Party Advisory
35074 | SECUNIA | http://secunia.com/advisories/35074 | Third Party Advisory
35306 | SECUNIA | http://secunia.com/advisories/35306 | Third Party Advisory
35650 | SECUNIA | http://secunia.com/advisories/35650 | Third Party Advisory
GLSA-200811-05 | GENTOO | http://security.gentoo.org/glsa/glsa-200811-05.xml | Third Party Advisory
http://support.apple.com/kb/HT3549 | CONFIRM | http://support.apple.com/kb/HT3549 | Third Party Advisory
http://wiki.rpath.com/Advisories:rPSA-2009-0035 | CONFIRM | http://wiki.rpath.com/Advisories:rPSA-2009-0035 | Broken Link
MDVSA-2008:126 | MANDRIVA | http://www.mandriva.com/security/advisories?name=MDVSA-2008:126 | Third Party Advisory
MDVSA-2008:127 | MANDRIVA | http://www.mandriva.com/security/advisories?name=MDVSA-2008:127 | Third Party Advisory
MDVSA-2008:128 | MANDRIVA | http://www.mandriva.com/security/advisories?name=MDVSA-2008:128 | Third Party Advisory
[oss-security] 20080619 CVE request: php 5.2.6 ext/imap buffer overflows | MLIST | http://www.openwall.com/lists/oss-security/2008/06/19/6 | Mailing List, Third Party Advisory
[oss-security] 20080624 Re: CVE request: php 5.2.6 ext/imap buffer overflows | MLIST | http://www.openwall.com/lists/oss-security/2008/06/24/2 | Mailing List, Third Party Advisory
20090302 rPSA-2009-0035-1 php php-cgi php-imap php-mcrypt php-mysql php-mysqli php-pgsql php-soap php-xsl php5 php5-cgi php5-imap php5-mcrypt php5-mysql php5-mysqli php5-pear php5-pgsql php5-soap php5-xsl | BUGTRAQ | http://www.securityfocus.com/archive/1/501376/100/0/threaded | Third Party Advisory, VDB Entry
29829 | BID | http://www.securityfocus.com/bid/29829 | PATCH, Third Party Advisory, VDB Entry
USN-628-1 | UBUNTU | http://www.ubuntu.com/usn/usn-628-1 | Third Party Advisory
TA09-133A | CERT | http://www.us-cert.gov/cas/techalerts/TA09-133A.html | Third Party Advisory, US Government Resource
ADV-2009-1297 | VUPEN | http://www.vupen.com/english/advisories/2009/1297 | PATCH, Third Party Advisory
https://bugs.gentoo.org/show_bug.cgi?id=221969 | CONFIRM | https://bugs.gentoo.org/show_bug.cgi?id=221969 | Third Party Advisory
php-phpimap-dos(43357) | XF | https://exchange.xforce.ibmcloud.com/vulnerabilities/43357 | Third Party Advisory, VDB Entry
FEDORA-2009-3768 | FEDORA | https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01451.html | Third Party Advisory
FEDORA-2009-3848 | FEDORA | https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01465.html | Third Party Advisory