1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
|
PublicDate: 2008-03-27
Candidate: CVE-2008-1384
References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1384
http://www.ubuntu.com/usn/usn-628-1
Description:
Integer overflow in PHP 5.2.5 and earlier allows context-dependent
attackers to cause a denial of service and possibly have unspecified other
impact via a printf format parameter with a large width specifier, related
to the php_sprintf_appendstring function in formatted_print.c and probably
other functions for formatted strings (aka *printf functions).
Ubuntu-Description:
Notes:
jdstrand> per Debian, needs a malicious script
Bugs:
Priority: negligible
Discovered-by:
Assigned-to:
Patches_php5:
vendor: http://www.debian.org/security/2008/dsa-1572
upstream_php5: released (5.2.6)
dapper_php5: released (5.1.2-1ubuntu3.12)
edgy_php5: needed
feisty_php5: released (5.2.1-0ubuntu1.6)
gutsy_php5: released (5.2.3-1ubuntu6.4)
hardy_php5: released (5.2.4-2ubuntu5.3)
devel_php5: not-affected (5.2.6-1ubuntu4)
|