Vigil@nce: PHP 5, several vulnerabilities
November 2008 by Vigil@nce
SYNTHESIS
An attacker can exploit several vulnerabilities in PHP in order to
cause a denial of service or to execute code.
Gravity: 2/4
Consequences: user access/rights, denial of service
Provenance: internet client
Means of attack: 1 attack
Ability of attacker: technician (2/4)
Confidence: confirmed by the editor (5/5)
Diffusion of the vulnerable configuration: high (3/3)
Number of vulnerabilities in this bulletin: 4
Creation date: 18/11/2008
IMPACTED PRODUCTS
– Debian Linux
– Mandriva Corporate
– Mandriva Linux
– Mandriva Multi Network Firewall
– Novell Linux Desktop
– Novell Open Enterprise Server
– OpenSUSE
– PHP
– SuSE Linux
– SUSE LINUX Enterprise Server
– TurboLinux
DESCRIPTION
Several vulnerabilities were announced in PHP 5.
A long IMAP query causes an overflow in the php_imap extension.
[grav:2/4; CVE-2008-2829]
An attacker can craft a malicious font in order to cause a
denial of service in imageloadfont() of ext/gd/gd.c. [grav:1/4;
BID-30649, CVE-2008-3658]
An attacker can trigger an overflow in memnstr(). [grav:2/4;
BID-30649, CVE-2008-3659]
When the FastCGI module is used, an attacker can use a filename
containing several dots in order to cause a denial of service.
[grav:2/4; CVE-2008-3660]
These vulnerabilities are local or remote depending on the context.
CHARACTERISTICS
Identifiers: BID-30649, CVE-2008-2829, CVE-2008-3658,
CVE-2008-3659, CVE-2008-3660, DSA 1647-1, MDVSA-2008:125,
MDVSA-2008:126, MDVSA-2008:127, MDVSA-2008:128, MDVSA-2008:129,
MDVSA-2008:130, SUSE-SR:2008:018, SUSE-SR:2008:021, TLSA-2008-27,
VIGILANCE-VUL-8254