Date: Mon, 23 Jun 2008 15:20:02 -0400 (EDT) From: "Steven M. Christey" <coley@...us.mitre.org> To: oss-security@...ts.openwall.com cc: coley@...re.org Subject: Re: CVE request: php 5.2.6 ext/imap buffer overflows ====================================================== Name: CVE-2008-2829 Status: Candidate URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2829 Reference: MISC:http://bugs.php.net/bug.php?id=42862 Reference: CONFIRM:https://bugs.gentoo.org/show_bug.cgi?id=221969 Reference: MLIST:[oss-security] 20080619 CVE request: php 5.2.6 ext/imap buffer overflows Reference: URL:http://www.openwall.com/lists/oss-security/2008/06/19/6 php_imap.c in PHP 5.2.5, 5.2.6, 4.x, and other versions, uses obsolete API calls that allow context-dependent attackers to cause a denial of service (crash) via a long IMAP request, which triggers an "rfc822.c legacy routine buffer overflow" error message.
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.