CVE-2008-0599
Published 2008-05-05
critical · 9.8 · CVSS 3.1
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
The init_request_info function in sapi/cgi/cgi_main.c in PHP before 5.2.6 does not properly consider operator precedence when calculating the length of PATH_TRANSLATED, which might allow remote attackers to execute arbitrary code via a crafted URI.
Affected
9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | mac_os_x | < 10.5.4 | 10.5.4 |
| apple | mac_os_x_server | < 10.5.4 | 10.5.4 |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| php | php | < 5.2.6 | 5.2.6 |
Ubuntu
PHP vulnerabilities
vendor_ubuntu·2008-07-23·CVSS 5.0
CVE-2007-4782 [MEDIUM] PHP vulnerabilities
It was discovered that PHP did not properly check the length of the
string parameter to the fnmatch function. An attacker could cause a
denial of service in the PHP interpreter if a script passed untrusted
input to the fnmatch function. (CVE-2007-4782)
Maksymilian Arciemowicz discovered a flaw in the cURL library that
allowed safe_mode and open_basedir restrictions to be bypassed. If a
PHP application were tricked into processing a bad file:// request,
an attacker could read arbitrary files. (CVE-2007-4850)
Rasmus Lerdorf discovered that the htmlentities and htmlspecialchars
functions did not correctly stop when handling partial multibyte
sequences. A remote attacker could exploit this to read certain areas
of memory, possibly gai
Red Hat
php: buffer overflow in a CGI path translation
vendor_redhat·2008-05-01·CVSS 9.8
CVE-2008-0599 [CRITICAL] php: buffer overflow in a CGI path translation
The init_request_info function in sapi/cgi/cgi_main.c in PHP before 5.2.6 does not properly consider operator precedence when calculating the length of PATH_TRANSLATED, which might allow remote attackers to execute arbitrary code via a crafted URI.
Statement: Not vulnerable. This issue did not affect the versions of PHP as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5, and Red Hat Application Stack v1.
GHSA
GHSA-m9m5-q9x5-6877: The init_request_info function in sapi/cgi/cgi_main
ghsa_unreviewed·2022-05-01
CVE-2008-0599 [HIGH] CWE-131 GHSA-m9m5-q9x5-6877: The init_request_info function in sapi/cgi/cgi_main
The init_request_info function in sapi/cgi/cgi_main.c in PHP before 5.2.6 does not properly consider operator precedence when calculating the length of PATH_TRANSLATED, which might allow remote attackers to execute arbitrary code via a crafted URI.
No detection rules found.
No public exploits indexed.
CWE
Incorrect Calculation of Buffer Size
mitre_cwe
CWE-131: Incorrect Calculation of Buffer Size
The product does not correctly calculate the size to be used when allocating a buffer, which could lead to a buffer overflow.
Modes of Introduction:
Phase: Implementation
Common Consequences:
Scope: Integrity, Availability, Confidentiality. Impact: DoS: Crash, Exit, or Restart, Execute Unauthorized Code or Commands, Read Memory, Modify Memory. If the incorrect calculation is used in the context of memory allocation, then the software may create a buffer that is smaller or larger than expected. If the allocated buffer is smaller than expected, this could lead to an out-of-bounds read or write (CWE-119), possibly causing a crash, allowing arbitrary code execution, or exposing sensitive data.
Detection Methods:
Automated Static Analysis: This
CWE
Operator Precedence Logic Error
mitre_cwe
CWE-783: Operator Precedence Logic Error
The product uses an expression in which operator precedence causes incorrect logic to be used.
While often just a bug, operator precedence logic errors can have serious consequences if they are used in security-critical code, such as making an authentication decision.
Modes of Introduction:
Phase: Implementation
Note: Logic errors related to operator precedence may cause problems even during normal operation, so they are probably discovered quickly during the testing phase. If testing is incomplete or there is a strong reliance on manual review of the code, then these errors may not be discovered before the software is deployed.
Common Consequences:
Scope: Confidentiality, Integrity, Availability. Impact: Varies by Context, Unexpected State. The