Published: 15/08/2008 Updated: 11/10/2018

CVSS v2 Base Score: 6.4 | Impact Score: 4.9 | Exploitability Score: 10

VMScore: 570

Vector: AV:N/AC:L/Au:N/C:N/I:P/A:P

Buffer overflow in the memnstr function in PHP 4.4.x prior to 4.4.9 and PHP 5.6 up to and including 5.2.6 allows context-dependent malicious users to cause a denial of service (crash) and possibly execute arbitrary code via the delimiter argument to the explode function. NOTE: the scope of this issue is limited since most applications would not use an attacker-controlled delimiter, but local attacks against safe_mode are feasible.

Vulnerable Product	Search on Vulmon	Subscribe to Product
php php 4.4.0
php php 4.4.1
php php 4.4.8
php php 5.2.0
php php 4.4.2
php php 4.4.3
php php 5.2.1
php php 5.2.2
php php 5.2.3
php php 4.4.4
php php 4.4.5
php php 5.2.4
php php 5.2.5
php php 4.4.6
php php 4.4.7
php php 5.2.6

It was discovered that PHP did not properly enforce php_admin_value and php_admin_flag restrictions in the Apache configuration file A local attacker could create a specially crafted PHP script that would bypass intended security restrictions This issue only applied to Ubuntu 606 LTS, 710, and 804 LTS (CVE-2007-5900) ...

Several vulnerabilities have been discovered in PHP, a server-side, HTML-embedded scripting language The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2008-3658 Buffer overflow in the imageloadfont function allows a denial of service or code execution through a crafted font file CVE-2008-3659 Buf ...

CWE-119 http://bugs.gentoo.org/show_bug.cgi?id=234102 http://news.php.net/php.cvs/52002 http://www.php.net/archive/2008.php#id2008-08-07-1 http://www.openwall.com/lists/oss-security/2008/08/08/2 http://www.openwall.com/lists/oss-security/2008/08/08/3 http://www.openwall.com/lists/oss-security/2008/08/08/4 http://www.openwall.com/lists/oss-security/2008/08/13/8 http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.html http://www.securitytracker.com/id?1020995 http://www.debian.org/security/2008/dsa-1647 http://secunia.com/advisories/32148 http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00006.html http://secunia.com/advisories/32316 http://www.mandriva.com/security/advisories?name=MDVSA-2009:023 http://www.mandriva.com/security/advisories?name=MDVSA-2009:024 http://secunia.com/advisories/31982 http://www.mandriva.com/security/advisories?name=MDVSA-2009:022 http://www.mandriva.com/security/advisories?name=MDVSA-2009:021 http://wiki.rpath.com/Advisories:rPSA-2009-0035 http://www.vupen.com/english/advisories/2008/2336 http://osvdb.org/47483 http://lists.apple.com/archives/security-announce/2009/May/msg00002.html http://www.vupen.com/english/advisories/2009/1297 http://secunia.com/advisories/35074 http://www.us-cert.gov/cas/techalerts/TA09-133A.html http://support.apple.com/kb/HT3549 http://secunia.com/advisories/35650 http://marc.info/?l=bugtraq&m=124654546101607&w=2 http://marc.info/?l=bugtraq&m=125631037611762&w=2 http://secunia.com/advisories/32746 http://security.gentoo.org/glsa/glsa-200811-05.xml https://exchange.xforce.ibmcloud.com/vulnerabilities/44405 http://www.securityfocus.com/archive/1/501376/100/0/threaded https://usn.ubuntu.com/720-1/https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2008-3659

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect