Launchpad.net

CVE 2008-2829

php_imap.c in PHP 5.2.5, 5.2.6, 4.x, and other versions, uses obsolete API calls that allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long IMAP request, which triggers an "rfc822.c legacy routine buffer overflow" error message, related to the rfc822_write_address function.

Related bugs and status

CVE-2008-2829 (Candidate) is related to these bugs:

Bug #227464: Please roll out security fixes from PHP 5.2.6

		In	Importance	Status
227464	Please roll out security fixes from PHP 5.2.6	php5 (Ubuntu)	Undecided	Fix Released
227464	Please roll out security fixes from PHP 5.2.6	php5 (Debian)	Unknown	Fix Released
227464	Please roll out security fixes from PHP 5.2.6	Hardy Backports	Undecided	Invalid
227464	Please roll out security fixes from PHP 5.2.6	php5 (Ubuntu Hardy)	Undecided	Fix Released
227464	Please roll out security fixes from PHP 5.2.6	php5 (Ubuntu Dapper)	Undecided	Fix Released
227464	Please roll out security fixes from PHP 5.2.6	php5 (Ubuntu Feisty)	Undecided	Fix Released
227464	Please roll out security fixes from PHP 5.2.6	php5 (Ubuntu Gutsy)	Undecided	Fix Released

Bug #485973: php5-cgi: IMAP toolkit crash

		In	Importance	Status
485973	php5-cgi: IMAP toolkit crash	php-imap (Ubuntu)	High	Fix Released
485973	php5-cgi: IMAP toolkit crash	php-imap (Ubuntu Dapper)	High	Won't Fix
485973	php5-cgi: IMAP toolkit crash	php-imap (Ubuntu Hardy)	High	Fix Released
485973	php5-cgi: IMAP toolkit crash	php-imap (Ubuntu Jaunty)	High	Fix Released
485973	php5-cgi: IMAP toolkit crash	php-imap (Ubuntu Intrepid)	High	Fix Released
485973	php5-cgi: IMAP toolkit crash	php-imap (Ubuntu Karmic)	High	Fix Released
485973	php5-cgi: IMAP toolkit crash	php-imap (Ubuntu Lucid)	High	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2008-2829

Related bugs and status

Related bugs

References