Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

CVE-2008-5557: buffer overflow

Related Vulnerabilities: CVE-2008-5557  

Source

Debian Bug report logs - #511493
CVE-2008-5557: buffer overflow

version graph

Package: php5; Maintainer for php5 is Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>; Source for php5 is src:php5 (PTS, buildd, popcon).

Reported by: Steffen Joeris <steffen.joeris@skolelinux.de>

Date: Sun, 11 Jan 2009 15:33:01 UTC

Severity: grave

Tags: patch, pending, security

Found in versions php5/5.2.5-3, 5.0.2-0.1

Fixed in versions 5.2.6.dfsg.1-2, 5.2.6.dfsg.1-1+lenny1

Done: sean finney <seanius@debian.org>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox

Report forwarded to debian-bugs-dist@lists.debian.org, Debian Security Team <team@security.debian.org>, Debian Testing Security Team <secure-testing-team@lists.alioth.debian.org>, Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>:
Bug#511493; Package php5. (Sun, 11 Jan 2009 15:33:04 GMT) (full text, mbox, link).

Acknowledgement sent to Steffen Joeris <steffen.joeris@skolelinux.de>:
New Bug report received and forwarded. Copy sent to Debian Security Team <team@security.debian.org>, Debian Testing Security Team <secure-testing-team@lists.alioth.debian.org>, Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>. (Sun, 11 Jan 2009 15:33:04 GMT) (full text, mbox, link).

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: Steffen Joeris <steffen.joeris@skolelinux.de>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: CVE-2008-5557: buffer overflow
Date: Sun, 11 Jan 2009 10:30:20 -0500
Package: php5
Severity: grave
Tags: security, patch
Justification: user security hole

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for php5.

CVE-2008-5557[0]:
| Heap-based buffer overflow in
| ext/mbstring/libmbfl/filters/mbfilter_htmlent.c in the mbstring
| extension in PHP 4.3.0 through 5.2.6 allows context-dependent
| attackers to execute arbitrary code via a crafted string containing an
| HTML entity, which is not properly handled during Unicode conversion,
| related to the (1) mb_convert_encoding, (2) mb_check_encoding, (3)
| mb_convert_variables, and (4) mb_parse_str functions.

There are some more information available in the php bugreport[1],
including the PoC which seems to work.

If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.

Cheers
Steffen

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5557
    http://security-tracker.debian.net/tracker/CVE-2008-5557
[1] http://bugs.php.net/bug.php?id=45722

Tags added: pending Request was from Sean Finney <seanius@alioth.debian.org> to control@bugs.debian.org. (Sun, 11 Jan 2009 19:21:03 GMT) (full text, mbox, link).

Tags added: pending Request was from Sean Finney <seanius@alioth.debian.org> to control@bugs.debian.org. (Sun, 11 Jan 2009 21:30:06 GMT) (full text, mbox, link).

Reply sent to sean finney <seanius@debian.org>:
You have taken responsibility. (Tue, 13 Jan 2009 21:24:08 GMT) (full text, mbox, link).

Notification sent to Steffen Joeris <steffen.joeris@skolelinux.de>:
Bug acknowledged by developer. (Tue, 13 Jan 2009 21:24:09 GMT) (full text, mbox, link).

Message #14 received at 511493-done@bugs.debian.org (full text, mbox, reply):

From: sean finney <seanius@debian.org>
To: 511493-done@bugs.debian.org
Subject: Re: [php-maint] Bug#511493: CVE-2008-5557: buffer overflow
Date: Tue, 13 Jan 2009 22:21:41 +0100
[Message part 1 (text/plain, inline)]
Version: 5.2.6.dfsg.1-2

fixed in unstable.  an upload was skipped so closing manually.

	sean

[signature.asc (application/pgp-signature, inline)]

Bug marked as found in version 5.2.5-3. Request was from Sean Finney <seanius@debian.org> to control@bugs.debian.org. (Wed, 14 Jan 2009 08:33:02 GMT) (full text, mbox, link).

Bug marked as found in version 5.0.2-0.1. Request was from Sean Finney <seanius@debian.org> to control@bugs.debian.org. (Wed, 14 Jan 2009 08:33:03 GMT) (full text, mbox, link).

Reply sent to sean finney <seanius@debian.org>:
You have taken responsibility. (Sat, 28 Feb 2009 19:42:05 GMT) (full text, mbox, link).

Notification sent to Steffen Joeris <steffen.joeris@skolelinux.de>:
Bug acknowledged by developer. (Sat, 28 Feb 2009 19:42:09 GMT) (full text, mbox, link).

Message #23 received at 511493-done@bugs.debian.org (full text, mbox, reply):

From: sean finney <seanius@debian.org>
To: 511493-done@bugs.debian.org, 511049-done@bugs.debian.org, 508989-done@bugs.debian.org
Subject: fixed in previous version but not recorded
Date: Sat, 28 Feb 2009 20:40:27 +0100
[Message part 1 (text/plain, inline)]
Version: 5.2.6.dfsg.1-1+lenny1

The following bugs are fixed in lenny, but were not recorded as such because
there was an unreleased version in between uploads which was not automatically
processed for Closes: lines.

[signature.asc (application/pgp-signature, inline)]

Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sun, 29 Mar 2009 07:37:16 GMT) (full text, mbox, link).

Bug unarchived. Request was from Sean Finney <seanius@debian.org> to control@bugs.debian.org. (Tue, 28 Apr 2009 17:45:03 GMT) (full text, mbox, link).

Information forwarded to debian-bugs-dist@lists.debian.org, Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>:
Bug#511493; Package php5. (Tue, 28 Apr 2009 18:03:05 GMT) (full text, mbox, link).

Acknowledgement sent to Sean Finney <seanius@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>. (Tue, 28 Apr 2009 18:03:05 GMT) (full text, mbox, link).

Message #32 received at 511493@bugs.debian.org (full text, mbox, reply):

From: Sean Finney <seanius@debian.org>
To: 511493@bugs.debian.org
Cc: ,control@bugs.debian.org
Subject: [debian/debian-etch] fix for CVE-2008-5557: Heap based overflow in mbstring extension
Date: Tue, 28 Apr 2009 18:00:43 +0000
tag 511493 pending
thanks

Date: Tue Apr 28 19:43:55 2009 +0200
Author: Sean Finney <seanius@debian.org>
Commit ID: abafc5330cede8260890b3083b739891bd029d62
Commit URL: http://git.debian.org/?p=pkg-php/php.git;a=commitdiff;h=abafc5330cede8260890b3083b739891bd029d62
Patch URL: http://git.debian.org/?p=pkg-php/php.git;a=commitdiff_plain;h=abafc5330cede8260890b3083b739891bd029d62

    fix for CVE-2008-5557: Heap based overflow in mbstring extension

    this was imported from the dapper 5.1.2-1ubuntu3.13 security update

    Closes: #511493

Tags added: pending Request was from Sean Finney <seanius@debian.org> to control@bugs.debian.org. (Tue, 28 Apr 2009 18:03:09 GMT) (full text, mbox, link).

Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Wed, 27 May 2009 07:32:19 GMT) (full text, mbox, link).

Send a report that this bug log contains spam.

Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 17:01:56 2019; Machine Name: beach

Debian Bug tracking system

Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started