Vulnerability Name:

CVE-2008-3659 (CCN-44405)

Assigned:2008-08-07
Published:2008-08-07
Updated:2018-10-11
Summary:Buffer overflow in the memnstr function in PHP 4.4.x before 4.4.9 and PHP 5.6 through 5.2.6 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via the delimiter argument to the explode function.
Note: the scope of this issue is limited since most applications would not use an attacker-controlled delimiter, but local attacks against safe_mode are feasible.
Overview contains a typo, should read "PHP 5.2 through 5.2.6" not "5.6 through 5.2.6".
CVSS v3 Severity:7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availibility (A): Low
CVSS v2 Severity:6.4 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:P)
4.7 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): Partial
6.8 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
5.0 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Athentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
Vulnerability Type:CWE-119
Vulnerability Consequences:Gain Access
References:Source: CCN
Type: Gentoo Bugzilla Bug 234102
dev-lang/php < 5.2.6-r6: arbitrary code execution, DoS, safe_mode bypass (CVE-2008-{3658,3659,3660})

Source: CONFIRM
Type: UNKNOWN
http://bugs.gentoo.org/show_bug.cgi?id=234102

Source: MITRE
Type: CNA
CVE-2008-3659

Source: CCN
Type: HP Security Bulletin HPSBUX02431 SSRT090085 rev.1
HP-UX Running Apache Web Server Suite, Remote Denial of Service (DoS), Execution of Arbitrary Code

Source: APPLE
Type: UNKNOWN
APPLE-SA-2009-05-12

Source: SUSE
Type: UNKNOWN
SUSE-SR:2008:018

Source: SUSE
Type: UNKNOWN
SUSE-SR:2008:021

Source: HP
Type: UNKNOWN
SSRT090085

Source: HP
Type: UNKNOWN
HPSBUX02465

Source: CONFIRM
Type: UNKNOWN
http://news.php.net/php.cvs/52002

Source: OSVDB
Type: UNKNOWN
47483

Source: CCN
Type: SA31409
PHP Multiple Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
31982

Source: SECUNIA
Type: UNKNOWN
32148

Source: SECUNIA
Type: UNKNOWN
32316

Source: SECUNIA
Type: UNKNOWN
32746

Source: CCN
Type: SA35074
Apple Mac OS X Security Update Fixes Multiple Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
35074

Source: CCN
Type: SA35650
HP-UX Apache Web Server Suite Multiple Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
35650

Source: GENTOO
Type: UNKNOWN
GLSA-200811-05

Source: CCN
Type: SECTRACK ID: 1020995
PHP Buffer Overflow in explode() Function May Let Users Bypass Safe Mode Restrictions

Source: CCN
Type: Apple Web site
About the security content of Security Update 2009-002 / Mac OS X v10.5.7

Source: CONFIRM
Type: UNKNOWN
http://support.apple.com/kb/HT3549

Source: CCN
Type: ASA-2009-255
HPSBUX02431 SSRT090085 rev.1 - HP-UX Running Apache Web Server SuiteRemote Denial of Service (DoS) Execution of Arbitrary Code

Source: CONFIRM
Type: UNKNOWN
http://wiki.rpath.com/Advisories:rPSA-2009-0035

Source: DEBIAN
Type: UNKNOWN
DSA-1647

Source: DEBIAN
Type: DSA-1647
php5 -- several vulnerabilities

Source: CCN
Type: GLSA-200811-05
PHP: Multiple vulnerabilities

Source: MANDRIVA
Type: UNKNOWN
MDVSA-2009:021

Source: MANDRIVA
Type: UNKNOWN
MDVSA-2009:022

Source: MANDRIVA
Type: UNKNOWN
MDVSA-2009:023

Source: MANDRIVA
Type: UNKNOWN
MDVSA-2009:024

Source: MLIST
Type: UNKNOWN
[oss-security] 20080808 CVE request: php-5.2.6 overflow issues

Source: MLIST
Type: UNKNOWN
[oss-security] 20080808 Re: CVE request: php-5.2.6 overflow issues

Source: MLIST
Type: UNKNOWN
[oss-security] 20080808 Re: CVE request: php-5.2.6 overflow issues

Source: MLIST
Type: UNKNOWN
[oss-security] 20080813 Re: CVE request: php-5.2.6 overflow issues

Source: CCN
Type: OSVDB ID: 47483
PHP memnstr() Function Unspecified Overflow

Source: CCN
Type: OSVDB ID: 47797
PHP memnstr Function explode Function delimiter Argument Overflow DoS

Source: CCN
Type: PHP News Archive
PHP 4.4.9 released!

Source: CONFIRM
Type: Patch
http://www.php.net/archive/2008.php#id2008-08-07-1

Source: CCN
Type: PHP 4 ChangeLog
Version 4.4.9

Source: CCN
Type: PHP Web site
PHP 4.4.9

Source: BUGTRAQ
Type: UNKNOWN
20090302 rPSA-2009-0035-1 php php-cgi php-imap php-mcrypt php-mysql php-mysqli php-pgsql php-soap php-xsl php5 php5-cgi php5-imap php5-mcrypt php5-mysql php5-mysqli php5-pear php5-pgsql php5-soap php5-xsl

Source: SECTRACK
Type: UNKNOWN
1020995

Source: CCN
Type: TLSA-2009-2
Multiple vulnerabilities exist in php

Source: CCN
Type: USN-720-1
PHP vulnerabilities

Source: CERT
Type: US Government Resource
TA09-133A

Source: VUPEN
Type: UNKNOWN
ADV-2008-2336

Source: VUPEN
Type: UNKNOWN
ADV-2009-1297

Source: XF
Type: UNKNOWN
php-memnstr-bo(44405)

Source: XF
Type: UNKNOWN
php-memnstr-bo(44405)

Source: SUSE
Type: SUSE-SR:2008:018
SUSE Security Summary Report

Source: SUSE
Type: SUSE-SR:2008:021
SUSE Security Summary Report

Vulnerable Configuration:Configuration 1:
  • cpe:/a:php:php:4.4.0:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:4.4.1:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:4.4.2:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:4.4.3:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:4.4.4:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:4.4.5:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:4.4.6:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:4.4.7:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:4.4.8:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.2.0:*:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.2.1:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.2.2:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.2.3:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.2.4:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.2.5:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.2.6:-:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:php:php:4.4.0:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:4.4.2:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:4.4.3:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.2.0:*:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.2.1:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:4.4.6:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:4.4.5:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:4.4.7:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.2.3:-:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:10.5:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x_server:10.5:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:10.5.1:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x_server:10.5.1:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:10.5.2:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x_server:10.5.2:*:*:*:*:*:*:*
  • OR cpe:/a:php:php:4.4.1:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:4.4.4:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.2.2:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.2.4:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.2.5:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.2.6:-:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x_server:10.5.3:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:10.5.3:*:*:*:*:*:*:*
  • OR cpe:/a:php:php:4.4.8:-:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:10.5.4:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x_server:10.5.4:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:10.5.5:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x_server:10.5.5:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:10.5.6:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x_server:10.5.6:*:*:*:*:*:*:*
  • AND
  • cpe:/o:gentoo:linux:*:*:*:*:*:*:*:*
  • OR cpe:/o:hp:hp-ux:b.11.11:*:*:*:*:*:*:*
  • OR cpe:/o:hp:hp-ux:b.11.23:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:*:*:*:*:*:*
  • OR cpe:/a:mandrakesoft:mandrake_multi_network_firewall:2.0:*:*:*:*:*:*:*
  • OR cpe:/o:canonical:ubuntu:6.06::lts:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0::x86_64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0::x86_64:*:*:*:*:*
  • OR cpe:/o:turbolinux:turbolinux:fuji:*:*:*:*:*:*:*
  • OR cpe:/o:turbolinux:turbolinux:*:*:personal:*:*:*:*:*
  • OR cpe:/o:turbolinux:turbolinux:*:*:multimedia:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2008.0::x86-64:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:4.0:*:*:*:*:*:*:*
  • OR cpe:/o:hp:hp-ux:b.11.31:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:2.0.59:*:*:*:*:*:*:*
  • OR cpe:/o:canonical:ubuntu:7.10:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2008.0:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2008.1:x86_64:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2008.1:*:*:*:*:*:*:*
  • OR cpe:/o:canonical:ubuntu:8.04::lts:*:*:*:*:*
  • OR cpe:/a:apache:http_server:2.2.8:*:*:*:*:*:*:*
  • OR cpe:/o:mandriva:linux:2009.0:*:*:*:*:*:*:*
  • OR cpe:/o:mandriva:linux:2009.0:-:x86_64:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:5.5.27:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:20083659
    V
    		CVE-2008-3659
    2017-09-27
    oval:org.mitre.oval:def:13729
    P
    		USN-720-1 -- php5 vulnerabilities
    2014-06-30
    oval:org.mitre.oval:def:8084
    P
    		DSA-1647 php5 -- several vulnerabilities
    2014-06-23
    oval:org.mitre.oval:def:20236
    P
    		DSA-1647-1 php5 - several vulnerabilities
    2014-06-23
    oval:org.debian:def:1647
    V
    		several vulnerabilities
    2008-10-07
    BACK
    php php 4.4.0
    php php 4.4.1
    php php 4.4.2
    php php 4.4.3
    php php 4.4.4
    php php 4.4.5
    php php 4.4.6
    php php 4.4.7
    php php 4.4.8
    php php 5.2.0
    php php 5.2.1
    php php 5.2.2
    php php 5.2.3
    php php 5.2.4
    php php 5.2.5
    php php 5.2.6
    php php 4.4.0
    php php 4.4.2
    php php 4.4.3
    php php 5.2.0
    php php 5.2.1
    php php 4.4.6
    php php 4.4.5
    php php 4.4.7
    php php 5.2.3
    apple mac os x 10.5
    apple mac os x server 10.5
    apple mac os x 10.5.1
    apple mac os x server 10.5.1
    apple mac os x 10.5.2
    apple mac os x server 10.5.2
    php php 4.4.1
    php php 4.4.4
    php php 5.2.2
    php php 5.2.4
    php php 5.2.5
    php php 5.2.6
    apple mac os x server 10.5.3
    apple mac os x 10.5.3
    php php 4.4.8
    apple mac os x 10.5.4
    apple mac os x server 10.5.4
    apple mac os x 10.5.5
    apple mac os x server 10.5.5
    apple mac os x 10.5.6
    apple mac os x server 10.5.6
    gentoo linux *
    hp hp-ux b.11.11
    hp hp-ux b.11.23
    mandrakesoft mandrake linux corporate server 3.0
    mandrakesoft mandrake multi network firewall 2.0
    canonical ubuntu 6.06
    mandrakesoft mandrake linux corporate server 4.0
    mandrakesoft mandrake linux corporate server 4.0
    mandrakesoft mandrake linux corporate server 3.0
    turbolinux turbolinux fuji
    turbolinux turbolinux personal *
    turbolinux turbolinux multimedia *
    mandrakesoft mandrake linux 2008.0
    debian debian linux 4.0
    hp hp-ux b.11.31
    apache http server 2.0.59
    canonical ubuntu 7.10
    mandrakesoft mandrake linux 2008.0
    mandrakesoft mandrake linux 2008.1 x86_64
    mandrakesoft mandrake linux 2008.1
    canonical ubuntu 8.04
    apache http server 2.2.8
    mandriva linux 2009.0
    mandriva linux 2009.0 -
    apache tomcat 5.5.27