CVE - CVE-2008-2829

CVE-ID
CVE-2008-2829	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
php_imap.c in PHP 5.2.5, 5.2.6, 4.x, and other versions, uses obsolete API calls that allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long IMAP request, which triggers an "rfc822.c legacy routine buffer overflow" error message, related to the rfc822_write_address function.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
APPLE:APPLE-SA-2009-05-12 URL:http://lists.apple.com/archives/security-announce/2009/May/msg00002.html BID:29829 URL:http://www.securityfocus.com/bid/29829 BUGTRAQ:20090302 rPSA-2009-0035-1 php php-cgi php-imap php-mcrypt php-mysql php-mysqli php-pgsql php-soap php-xsl php5 php5-cgi php5-imap php5-mcrypt php5-mysql php5-mysqli php5-pear php5-pgsql php5-soap php5-xsl URL:http://www.securityfocus.com/archive/1/501376/100/0/threaded CERT:TA09-133A URL:http://www.us-cert.gov/cas/techalerts/TA09-133A.html CONFIRM:http://support.apple.com/kb/HT3549 CONFIRM:http://wiki.rpath.com/Advisories:rPSA-2009-0035 CONFIRM:https://bugs.gentoo.org/show_bug.cgi?id=221969 FEDORA:FEDORA-2009-3768 URL:https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01451.html FEDORA:FEDORA-2009-3848 URL:https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01465.html GENTOO:GLSA-200811-05 URL:http://security.gentoo.org/glsa/glsa-200811-05.xml HP:HPSBUX02431 URL:http://marc.info/?l=bugtraq&m=124654546101607&w=2 HP:HPSBUX02465 URL:http://marc.info/?l=bugtraq&m=125631037611762&w=2 HP:SSRT090085 URL:http://marc.info/?l=bugtraq&m=124654546101607&w=2 HP:SSRT090192 URL:http://marc.info/?l=bugtraq&m=125631037611762&w=2 MANDRIVA:MDVSA-2008:126 URL:~~http://www.mandriva.com/security/advisories?name=MDVSA-2008:126~~ (Obsolete source) MANDRIVA:MDVSA-2008:127 URL:~~http://www.mandriva.com/security/advisories?name=MDVSA-2008:127~~ (Obsolete source) MANDRIVA:MDVSA-2008:128 URL:~~http://www.mandriva.com/security/advisories?name=MDVSA-2008:128~~ (Obsolete source) MISC:http://bugs.php.net/bug.php?id=42862 MLIST:[oss-security] 20080619 CVE request: php 5.2.6 ext/imap buffer overflows URL:http://www.openwall.com/lists/oss-security/2008/06/19/6 MLIST:[oss-security] 20080624 Re: CVE request: php 5.2.6 ext/imap buffer overflows URL:http://www.openwall.com/lists/oss-security/2008/06/24/2 OSVDB:46641 URL:~~http://osvdb.org/46641~~ (Obsolete source) SECUNIA:31200 URL:http://secunia.com/advisories/31200 SECUNIA:32746 URL:http://secunia.com/advisories/32746 SECUNIA:35074 URL:http://secunia.com/advisories/35074 SECUNIA:35306 URL:http://secunia.com/advisories/35306 SECUNIA:35650 URL:http://secunia.com/advisories/35650 SUSE:SUSE-SR:2008:027 URL:http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00002.html UBUNTU:USN-628-1 URL:http://www.ubuntu.com/usn/usn-628-1 VUPEN:ADV-2009-1297 URL:~~http://www.vupen.com/english/advisories/2009/1297~~ (Obsolete source) XF:php-phpimap-dos(43357) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/43357
Assigning CNA
MITRE Corporation
Date Record Created
20080623	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20080623)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)