Debian Bug report logs - #499994
CVE-2008-3659: Buffer overflow in the memnstr function

version graph

Package: php4; Maintainer for php4 is (unknown);

Reported by: sean finney <seanius@debian.org>

Date: Wed, 24 Sep 2008 06:42:01 UTC

Severity: important

Tags: patch

Fixed in version 6:4.4.6-2+rm

Done: Marco Rodrigues <gothicx@gmail.com>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox

Report forwarded to debian-bugs-dist@lists.debian.org, Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>:
Bug#499988; Package php5. (Wed, 24 Sep 2008 06:42:03 GMT) (full text, mbox, link).

Acknowledgement sent to sean finney <seanius@debian.org>:
New Bug report received and forwarded. Copy sent to Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>. (Wed, 24 Sep 2008 06:42:04 GMT) (full text, mbox, link).

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: sean finney <seanius@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: CVE-2008-3659: Buffer overflow in the memnstr function
Date: Wed, 24 Sep 2008 08:37:33 +0200
Package: php5
Version: 5.2.6-3
Severity: important
Tags: patch

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

via http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3659:

Buffer overflow in the memnstr function in PHP 4.4.x before 4.4.9 and PHP
5.6 through 5.2.6 allows context-dependent attackers to cause a denial
of service (crash) and possibly execute arbitrary code via the delimiter
argument to the explode function. NOTE: the scope of this issue is limited
since most applications would not use an attacker-controlled delimiter,
but local attacks against safe_mode are feasible.



while the attack vector may be somewhat limited, apparently this vector
is actually used in practice by a number of apps, so we should include
the patch (well we in fact have already incorporated it into the svn
repo, but it has not yet been released):

http://cvs.php.net/viewvc.cgi/ZendEngine2/zend_operators.h?r1=1.94.2.4.2.11&r2=1.94.2.4.2.12&view=patch


	sean

- -- System Information:
Debian Release: lenny/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.26-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages php5 depends on:
ii  libapache2-mod-php5           5.2.6-3    server-side, HTML-embedded scripti
ii  php5-cgi                      5.2.6-3    server-side, HTML-embedded scripti
ii  php5-common                   5.2.6-3    Common files for packages built fr

php5 recommends no packages.

php5 suggests no packages.

- -- no debconf information

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFI2eAtynjLPm522B0RAon9AJ9BaYTEx909jJMUGrl8RS1YxjxUkgCfbdfH
RHer27eJlWdu5BMJCLTzEUw=
=facc
-----END PGP SIGNATURE-----

Bug 499988 cloned as bug 499994. Request was from Sean Finney <seanius@debian.org> to control@bugs.debian.org. (Wed, 24 Sep 2008 06:54:02 GMT) (full text, mbox, link).

Bug reassigned from package `php5' to `php4'. Request was from Sean Finney <seanius@debian.org> to control@bugs.debian.org. (Wed, 24 Sep 2008 06:54:04 GMT) (full text, mbox, link).

Reply sent to Marco Rodrigues <gothicx@gmail.com>:
You have taken responsibility. (Sat, 27 Mar 2010 09:18:16 GMT) (full text, mbox, link).

Notification sent to sean finney <seanius@debian.org>:
Bug acknowledged by developer. (Sat, 27 Mar 2010 09:18:16 GMT) (full text, mbox, link).

Message #14 received at 499994-done@bugs.debian.org (full text, mbox, reply):

From: Marco Rodrigues <gothicx@gmail.com>
To: 499994-done@bugs.debian.org
Subject: Package php4 has been removed from Debian
Date: Wed, 24 Mar 2010 20:20:17 +0000 (WET)
Version: 6:4.4.6-2+rm

You filed the bug http://bugs.debian.org/499994 in Debian BTS
against the package php4. I'm closing it at *unstable*, but it will
remain open for older distributions.

For more information about this package's removal, read
http://bugs.debian.org/428266. That bug might give the reasons why
this package was removed and suggestions of possible replacements.

Don't hesitate to reply to this mail if you have any question.

Thank you for your contribution to Debian.

--
Marco Rodrigues

Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sun, 25 Apr 2010 07:33:19 GMT) (full text, mbox, link).

Send a report that this bug log contains spam.

Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Sun Jul 2 02:34:12 2023; Machine Name: bembo

Debian Bug tracking system

Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.