oss-sec mailing list archives
Re: CVE request: php 5.2.6 ext/imap buffer overflows
From: "Steven M. Christey" <coley () linus mitre org>
Date: Mon, 23 Jun 2008 15:20:02 -0400 (EDT)
====================================================== Name: CVE-2008-2829 Status: Candidate URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2829 Reference: MISC:http://bugs.php.net/bug.php?id=42862 Reference: CONFIRM:https://bugs.gentoo.org/show_bug.cgi?id=221969 Reference: MLIST:[oss-security] 20080619 CVE request: php 5.2.6 ext/imap buffer overflows Reference: URL:http://www.openwall.com/lists/oss-security/2008/06/19/6 php_imap.c in PHP 5.2.5, 5.2.6, 4.x, and other versions, uses obsolete API calls that allow context-dependent attackers to cause a denial of service (crash) via a long IMAP request, which triggers an "rfc822.c legacy routine buffer overflow" error message.
Current thread:
- CVE request: php 5.2.6 ext/imap buffer overflows Christian Hoffmann (Jun 19)
- Re: CVE request: php 5.2.6 ext/imap buffer overflows Steven M. Christey (Jun 23)
- Re: CVE request: php 5.2.6 ext/imap buffer overflows Christian Hoffmann (Jun 24)
- Re: CVE request: php 5.2.6 ext/imap buffer overflows Steven M. Christey (Jun 23)