Launchpad CVE tracker

CVE 2008-3660

PHP 4.4.x before 4.4.9, and 5.x through 5.2.6, when used as a FastCGI module, allows remote attackers to cause a denial of service (crash) via a request with multiple dots preceding the extension, as demonstrated using foo..php.

Related bugs and status

CVE-2008-3660 (Candidate) is related to these bugs:

Bug #286851: CVE-2008-3658,2008-3659,2008-3660

		In	Importance	Status
286851	CVE-2008-3658,2008-3659,2008-3660	php5 (Ubuntu)	Undecided	Fix Released
286851	CVE-2008-3658,2008-3659,2008-3660	Debian	Unknown	Fix Released
286851	CVE-2008-3658,2008-3659,2008-3660	php5 (Ubuntu Hardy)	Undecided	Fix Released

Bug #317672: CVE-2008-5557: heap overflows in the mbstring extension

Summary				In	Importance	Status
	317672	CVE-2008-5557: heap overflows in the mbstring extension		php5 (Ubuntu)	Undecided	Fix Released
	317672	CVE-2008-5557: heap overflows in the mbstring extension		php5 (Ubuntu Hardy)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

References

CONFIRM: http://bugs.gentoo.org...
MLIST: [oss-security] 2008080...
MLIST: [oss-security] 2008081...
SUSE: SUSE-SR:2008:018
DEBIAN: DSA-1647
SECTRACK: 1020994
SECUNIA: 32148
MANDRIVA: MDVSA-2009:021
MANDRIVA: MDVSA-2009:022
MANDRIVA: MDVSA-2009:023
MANDRIVA: MDVSA-2009:024
SECUNIA: 31982
CONFIRM: http://wiki.rpath.com/...
VUPEN: ADV-2008-2336
REDHAT: RHSA-2009:0350
CONFIRM: http://support.apple.c...
APPLE: APPLE-SA-2009-05-12
CERT: TA09-133A
SECUNIA: 35074
VUPEN: ADV-2009-1297
FEDORA: FEDORA-2009-3768
FEDORA: FEDORA-2009-3848
SECUNIA: 35306
SECUNIA: 35650
GENTOO: GLSA-200811-05
SECUNIA: 32746
HP: HPSBUX02431
HP: SSRT090085
HP: HPSBUX02465
HP: SSRT090192
XF: php-curl-unspecified(4...
OVAL: oval:org.mitre.oval:de...
BUGTRAQ: 20090302 rPSA-2009-003...

Launchpad.net

CVE 2008-3660

Related bugs and status

Related bugs

References