CVE-2008-3659 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	6.4 UNKNOWN	NETWORK	LOW		AV:N/AC:L/Au:N/C:N/I:P/A:P
mitre	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 94%

Vendor	Product	Version
php	php	4.4.0
php	php	4.4.1
php	php	4.4.2
php	php	4.4.3
php	php	4.4.4
php	php	4.4.5
php	php	4.4.6
php	php	4.4.7
php	php	4.4.8
php	php	5.2.0
php	php	5.2.1
php	php	5.2.2
php	php	5.2.3
php	php	5.2.4
php	php	5.2.5
php	php	5.2.6

𝑥

= Vulnerable software versions

Ubuntu Releases

Ubuntu Product

Codename

php4

karmic	dne
jaunty	dne
intrepid	dne
hardy	dne
gutsy	dne
feisty	dne
dapper	ignored

php5

karmic	not-affected
jaunty	not-affected
intrepid	Fixed 5.2.6-2ubuntu4.1 released
hardy	Fixed 5.2.4-2ubuntu5.5 released
gutsy	Fixed 5.2.3-1ubuntu6.5 released
feisty	ignored
dapper	Fixed 5.1.2-1ubuntu3.13 released

Common Weakness Enumeration

CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.

References

http://bugs.gentoo.org/show_bug.cgi?id=234102

http://lists.apple.com/archives/security-announce/2009/May/msg00002.html

http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.html

http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00006.html

http://marc.info/?l=bugtraq&m=124654546101607&w=2

http://marc.info/?l=bugtraq&m=124654546101607&w=2

http://marc.info/?l=bugtraq&m=125631037611762&w=2

http://marc.info/?l=bugtraq&m=125631037611762&w=2

http://news.php.net/php.cvs/52002

http://osvdb.org/47483

http://secunia.com/advisories/31982

http://secunia.com/advisories/32148

http://secunia.com/advisories/32316

http://secunia.com/advisories/32746

http://secunia.com/advisories/35074

http://secunia.com/advisories/35650

http://security.gentoo.org/glsa/glsa-200811-05.xml

http://support.apple.com/kb/HT3549

http://wiki.rpath.com/Advisories:rPSA-2009-0035

http://www.debian.org/security/2008/dsa-1647

http://www.mandriva.com/security/advisories?name=MDVSA-2009:021

http://www.mandriva.com/security/advisories?name=MDVSA-2009:022

http://www.mandriva.com/security/advisories?name=MDVSA-2009:023

http://www.mandriva.com/security/advisories?name=MDVSA-2009:024

http://www.openwall.com/lists/oss-security/2008/08/08/2

http://www.openwall.com/lists/oss-security/2008/08/08/3

http://www.openwall.com/lists/oss-security/2008/08/08/4

http://www.openwall.com/lists/oss-security/2008/08/13/8

http://www.php.net/archive/2008.php#id2008-08-07-1

http://www.securityfocus.com/archive/1/501376/100/0/threaded

http://www.securitytracker.com/id?1020995

http://www.us-cert.gov/cas/techalerts/TA09-133A.html

http://www.vupen.com/english/advisories/2008/2336

http://www.vupen.com/english/advisories/2009/1297

https://exchange.xforce.ibmcloud.com/vulnerabilities/44405

http://bugs.gentoo.org/show_bug.cgi?id=234102

http://lists.apple.com/archives/security-announce/2009/May/msg00002.html

http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.html

http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00006.html

http://marc.info/?l=bugtraq&m=124654546101607&w=2

http://marc.info/?l=bugtraq&m=124654546101607&w=2

http://marc.info/?l=bugtraq&m=125631037611762&w=2

http://marc.info/?l=bugtraq&m=125631037611762&w=2

http://news.php.net/php.cvs/52002

http://osvdb.org/47483

http://secunia.com/advisories/31982

http://secunia.com/advisories/32148

http://secunia.com/advisories/32316

http://secunia.com/advisories/32746

http://secunia.com/advisories/35074

http://secunia.com/advisories/35650

http://security.gentoo.org/glsa/glsa-200811-05.xml

http://support.apple.com/kb/HT3549

http://wiki.rpath.com/Advisories:rPSA-2009-0035

http://www.debian.org/security/2008/dsa-1647

http://www.mandriva.com/security/advisories?name=MDVSA-2009:021

http://www.mandriva.com/security/advisories?name=MDVSA-2009:022

http://www.mandriva.com/security/advisories?name=MDVSA-2009:023

http://www.mandriva.com/security/advisories?name=MDVSA-2009:024

http://www.openwall.com/lists/oss-security/2008/08/08/2

http://www.openwall.com/lists/oss-security/2008/08/08/3

http://www.openwall.com/lists/oss-security/2008/08/08/4

http://www.openwall.com/lists/oss-security/2008/08/13/8

http://www.php.net/archive/2008.php#id2008-08-07-1

http://www.securityfocus.com/archive/1/501376/100/0/threaded

http://www.securitytracker.com/id?1020995

http://www.us-cert.gov/cas/techalerts/TA09-133A.html

http://www.vupen.com/english/advisories/2008/2336

http://www.vupen.com/english/advisories/2009/1297

https://exchange.xforce.ibmcloud.com/vulnerabilities/44405