CVE-2008-3658 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	7.5 UNKNOWN	NETWORK	LOW		AV:N/AC:L/Au:N/C:P/I:P/A:P

Base Score

CVSS 3.x

EPSS Score

Percentile: 93%

Affected Products (NVD)

Vendor	Product	Version
php	php	4.4.0
php	php	4.4.1
php	php	4.4.2
php	php	4.4.3
php	php	4.4.4
php	php	4.4.5
php	php	4.4.6
php	php	4.4.7
php	php	4.4.8
php	php	5.2.0
php	php	5.2.1
php	php	5.2.2
php	php	5.2.3
php	php	5.2.4
php	php	5.2.5
php	php	5.2.6

𝑥

= Vulnerable software versions

Ubuntu Releases

Ubuntu Product

Codename

php4

dapper	ignored
feisty	dne
gutsy	dne
hardy	dne
intrepid	dne
jaunty	dne
karmic	dne

php5

dapper	Fixed 5.1.2-1ubuntu3.13 released
feisty	ignored
gutsy	Fixed 5.2.3-1ubuntu6.5 released
hardy	Fixed 5.2.4-2ubuntu5.5 released
intrepid	Fixed 5.2.6-2ubuntu4.1 released
jaunty	not-affected
karmic	not-affected

Known Exploits!

Common Weakness Enumeration

CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.

References

http://bugs.gentoo.org/show_bug.cgi?id=234102

http://lists.apple.com/archives/security-announce/2009/May/msg00002.html

http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.html

http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00006.html

http://marc.info/?l=bugtraq&m=123376588623823&w=2

http://marc.info/?l=bugtraq&m=125631037611762&w=2

http://news.php.net/php.cvs/51219

http://osvdb.org/47484

http://secunia.com/advisories/31982

http://secunia.com/advisories/32148

http://secunia.com/advisories/32316

http://secunia.com/advisories/32746

http://secunia.com/advisories/32884

http://secunia.com/advisories/33797

http://secunia.com/advisories/35074

http://secunia.com/advisories/35306

http://security.gentoo.org/glsa/glsa-200811-05.xml

http://support.apple.com/kb/HT3549

http://wiki.rpath.com/Advisories:rPSA-2009-0035

http://www.debian.org/security/2008/dsa-1647

http://www.mandriva.com/security/advisories?name=MDVSA-2009:021

http://www.mandriva.com/security/advisories?name=MDVSA-2009:022

http://www.mandriva.com/security/advisories?name=MDVSA-2009:023

http://www.mandriva.com/security/advisories?name=MDVSA-2009:024

http://www.openwall.com/lists/oss-security/2008/08/08/2

http://www.openwall.com/lists/oss-security/2008/08/13/8

http://www.php.net/archive/2008.php#id2008-08-07-1

http://www.redhat.com/support/errata/RHSA-2009-0350.html

http://www.securityfocus.com/archive/1/498647/100/0/threaded

http://www.securityfocus.com/archive/1/501376/100/0/threaded

http://www.securityfocus.com/bid/30649

http://www.us-cert.gov/cas/techalerts/TA09-133A.html

http://www.vupen.com/english/advisories/2008/2336

http://www.vupen.com/english/advisories/2008/3275

http://www.vupen.com/english/advisories/2009/0320

http://www.vupen.com/english/advisories/2009/1297

https://exchange.xforce.ibmcloud.com/vulnerabilities/44401

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9724

https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01451.html

https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01465.html

http://bugs.gentoo.org/show_bug.cgi?id=234102

http://lists.apple.com/archives/security-announce/2009/May/msg00002.html

http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.html

http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00006.html

http://marc.info/?l=bugtraq&m=123376588623823&w=2

http://marc.info/?l=bugtraq&m=125631037611762&w=2

http://news.php.net/php.cvs/51219

http://osvdb.org/47484

http://secunia.com/advisories/31982

http://secunia.com/advisories/32148

http://secunia.com/advisories/32316

http://secunia.com/advisories/32746

http://secunia.com/advisories/32884

http://secunia.com/advisories/33797

http://secunia.com/advisories/35074

http://secunia.com/advisories/35306

http://security.gentoo.org/glsa/glsa-200811-05.xml

http://support.apple.com/kb/HT3549

http://wiki.rpath.com/Advisories:rPSA-2009-0035

http://www.debian.org/security/2008/dsa-1647

http://www.mandriva.com/security/advisories?name=MDVSA-2009:021

http://www.mandriva.com/security/advisories?name=MDVSA-2009:022

http://www.mandriva.com/security/advisories?name=MDVSA-2009:023

http://www.mandriva.com/security/advisories?name=MDVSA-2009:024

http://www.openwall.com/lists/oss-security/2008/08/08/2

http://www.openwall.com/lists/oss-security/2008/08/13/8

http://www.php.net/archive/2008.php#id2008-08-07-1

http://www.redhat.com/support/errata/RHSA-2009-0350.html

http://www.securityfocus.com/archive/1/498647/100/0/threaded

http://www.securityfocus.com/archive/1/501376/100/0/threaded

http://www.securityfocus.com/bid/30649

http://www.us-cert.gov/cas/techalerts/TA09-133A.html

http://www.vupen.com/english/advisories/2008/2336

http://www.vupen.com/english/advisories/2008/3275

http://www.vupen.com/english/advisories/2009/0320

http://www.vupen.com/english/advisories/2009/1297

https://exchange.xforce.ibmcloud.com/vulnerabilities/44401

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9724

https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01451.html

https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01465.html