Vulnerability CVE-2008-5624 - CERT Civis.Net

Vulnerability Name:

CVE-2008-5624 (CCN-47318)

Assigned:

2008-12-05

Published:

2008-12-05

Updated:

2018-10-11

Summary:

PHP 5 before 5.2.7 does not properly initialize the page_uid and page_gid global variables for use by the SAPI php_getuid function, which allows context-dependent attackers to bypass safe_mode restrictions via variable settings that are intended to be restricted to root, as demonstrated by a setting of /etc for the error_log variable.

CVSS v3 Severity:

5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): Low Availibility (A): None

CVSS v2 Severity:

7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
5.5 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

4.3 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
3.2 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Athentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): Partial Availibility (A): None

Vulnerability Type:

Vulnerability Consequences:

Bypass Security

References:

Source: CCN
Type: BugTraq Mailing List, Sat Dec 06 2008 - 13:40:48 CST
SecurityReason: PHP 5.2.6 SAPI php_getuid() overload

Source: MITRE
Type: CNA
CVE-2008-5624

Source: CCN
Type: HP Security Bulletin HPSBUX02431 SSRT090085 rev.1
HP-UX Running Apache Web Server Suite, Remote Denial of Service (DoS), Execution of Arbitrary Code

Source: HP
Type: UNKNOWN
SSRT090085

Source: HP
Type: UNKNOWN
HPSBUX02465

Source: OSVDB
Type: UNKNOWN
50483

Source: OSVDB
Type: UNKNOWN
52207

Source: SECUNIA
Type: UNKNOWN
35003

Source: CCN
Type: SA35650
HP-UX Apache Web Server Suite Multiple Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
35650

Source: CCN
Type: SecurityReason SecurityAlert : 59
PHP 5.2.6 SAPI php_getuid() overload

Source: SREASONRES
Type: Exploit
20081205 PHP 5.2.6 SAPI php_getuid() overload

Source: CCN
Type: ASA-2009-255
HPSBUX02431 SSRT090085 rev.1 - HP-UX Running Apache Web Server SuiteRemote Denial of Service (DoS) Execution of Arbitrary Code

Source: CONFIRM
Type: UNKNOWN
http://wiki.rpath.com/Advisories:rPSA-2009-0035

Source: DEBIAN
Type: UNKNOWN
DSA-1789

Source: DEBIAN
Type: DSA-1789
php5 -- several vulnerabilities

Source: CCN
Type: GLSA-201001-03
PHP: Multiple vulnerabilities

Source: MANDRIVA
Type: UNKNOWN
MDVSA-2009:045

Source: CCN
Type: OSVDB ID: 50483
PHP BG(page_*id) Variable Initialization Unspecified Issue

Source: CCN
Type: OSVDB ID: 52207
PHP SAPI php_getuid() Function Security Restriction Bypass

Source: CCN
Type: PHP Web site
PHP: Hypertext Preprocessor

Source: CONFIRM
Type: UNKNOWN
http://www.php.net/ChangeLog-5.php#5.2.7

Source: BUGTRAQ
Type: UNKNOWN
20081206 SecurityReason: PHP 5.2.6 SAPI php_getuid() overload

Source: BUGTRAQ
Type: UNKNOWN
20090302 rPSA-2009-0035-1 php php-cgi php-imap php-mcrypt php-mysql php-mysqli php-pgsql php-soap php-xsl php5 php5-cgi php5-imap php5-mcrypt php5-mysql php5-mysqli php5-pear php5-pgsql php5-soap php5-xsl

Source: BID
Type: UNKNOWN
32688

Source: CCN
Type: BID-32688
PHP SAPI 'php_getuid()' Safe Mode Restriction-Bypass Vulnerability

Source: CCN
Type: TLSA-2009-7
Multiple vulnerabilities exist in php

Source: CCN
Type: USN-720-1
PHP vulnerabilities

Source: XF
Type: UNKNOWN
php-getuid-safemode-bypass(47318)

Source: XF
Type: UNKNOWN
php-getuid-safemode-bypass(47318)

Source: SUSE
Type: SUSE-SR:2010:005
SUSE Security Summary Report

Vulnerable Configuration:

Configuration 1:

cpe:/a:php:php:5.0.0:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.0.0:beta1:*:*:*:*:*:*

OR cpe:/a:php:php:5.0.0:beta2:*:*:*:*:*:*

OR cpe:/a:php:php:5.0.0:beta3:*:*:*:*:*:*

OR cpe:/a:php:php:5.0.0:beta4:*:*:*:*:*:*

OR cpe:/a:php:php:5.0.0:rc1:*:*:*:*:*:*

OR cpe:/a:php:php:5.0.0:rc2:*:*:*:*:*:*

OR cpe:/a:php:php:5.0.0:rc3:*:*:*:*:*:*

OR cpe:/a:php:php:5.0.1:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.0.2:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.0.3:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.0.4:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.0.5:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.1.0:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.1.1:*:*:*:*:*:*:*

OR cpe:/a:php:php:5.1.2:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.1.3:*:*:*:*:*:*:*

OR cpe:/a:php:php:5.1.4:*:*:*:*:*:*:*

OR cpe:/a:php:php:5.1.5:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.1.6:*:*:*:*:*:*:*

OR cpe:/a:php:php:5.2.0:*:*:*:*:*:*:*

OR cpe:/a:php:php:5.2.1:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.2.2:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.2.3:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.2.4:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.2.5:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.2.6:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.2.7:-:*:*:*:*:*:*

Configuration CCN 1:

cpe:/a:php:php:5.0.3:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.0.4:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.0.0:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.0.5:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.1.1:*:*:*:*:*:*:*

OR cpe:/a:php:php:5.1.2:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.1.4:*:*:*:*:*:*:*

OR cpe:/a:php:php:5.0.2:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.1.6:*:*:*:*:*:*:*

OR cpe:/a:php:php:5.2.0:*:*:*:*:*:*:*

OR cpe:/a:php:php:5.2.1:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.2.3:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.0.0:beta1:*:*:*:*:*:*

OR cpe:/a:php:php:5.0.0:beta2:*:*:*:*:*:*

OR cpe:/a:php:php:5.0.0:beta3:*:*:*:*:*:*

OR cpe:/a:php:php:5.0.0:beta4:*:*:*:*:*:*

OR cpe:/a:php:php:5.0.0:rc1:*:*:*:*:*:*

OR cpe:/a:php:php:5.0.0:rc2:*:*:*:*:*:*

OR cpe:/a:php:php:5.0.0:rc3:*:*:*:*:*:*

OR cpe:/a:php:php:5.0.1:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.1.0:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.1.3:*:*:*:*:*:*:*

OR cpe:/a:php:php:5.1.5:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.2.2:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.2.4:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.2.5:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.2.6:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.2.7:-:*:*:*:*:*:*

AND

cpe:/o:gentoo:linux:*:*:*:*:*:*:*:*

OR cpe:/o:hp:hp-ux:b.11.11:*:*:*:*:*:*:*

OR cpe:/o:hp:hp-ux:b.11.23:*:*:*:*:*:*:*

OR cpe:/o:canonical:ubuntu:6.06::lts:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0:*:*:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0::x86_64:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:2008.0::x86-64:*:*:*:*:*

OR cpe:/o:debian:debian_linux:4.0:*:*:*:*:*:*:*

OR cpe:/o:hp:hp-ux:b.11.31:*:*:*:*:*:*:*

OR cpe:/a:apache:http_server:2.0.59:*:*:*:*:*:*:*

OR cpe:/o:canonical:ubuntu:7.10:*:*:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:2008.0:*:*:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:2008.1:x86_64:*:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:2008.1:*:*:*:*:*:*:*

OR cpe:/o:canonical:ubuntu:8.04::lts:*:*:*:*:*

OR cpe:/a:apache:http_server:2.2.8:*:*:*:*:*:*:*

OR cpe:/o:mandriva:linux:2009.0:*:*:*:*:*:*:*

OR cpe:/o:mandriva:linux:2009.0:-:x86_64:*:*:*:*:*

OR cpe:/o:debian:debian_linux:5.0:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.5.27:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:20085624	V	CVE-2008-5624	2022-05-20
oval:org.opensuse.security:def:31707	P	Security update for postgresql10 (Important)	2021-11-22
oval:org.opensuse.security:def:31302	P	Security update for the Linux Kernel (Live Patch 36 for SLE 12 SP3) (Important)	2021-11-19
oval:org.opensuse.security:def:31658	P	Security update for the Linux Kernel (Important)	2021-07-22
oval:org.opensuse.security:def:31224	P	Security update for the Linux Kernel (Live Patch 39 for SLE 12 SP3) (Important)	2021-07-21
oval:org.opensuse.security:def:31210	P	Security update for the Linux Kernel (Live Patch 34 for SLE 12 SP3) (Important)	2021-06-18
oval:org.opensuse.security:def:42077	P	Security update for curl (Moderate)	2021-05-26
oval:org.opensuse.security:def:31150	P	Security update for xorg-x11-server (Important)	2021-04-14
oval:org.opensuse.security:def:31748	P	Security update for openssl (Moderate)	2021-03-24
oval:org.opensuse.security:def:31746	P	Security update for wavpack (Important)	2021-03-24
oval:org.opensuse.security:def:31359	P	Security update for the Linux Kernel (Live Patch 37 for SLE 12 SP3) (Important)	2021-03-17
oval:org.opensuse.security:def:31356	P	Security update for python (Moderate)	2021-03-16
oval:org.opensuse.security:def:35524	P	apache2-mod_php5-5.2.6-50.24.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:35670	P	apache2-mod_php5-5.2.14-0.7.24.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:41931	P	apache2-mod_php5-5.2.6-50.24.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:25279	P	Security update for xen (Important)	2020-12-01
oval:org.opensuse.security:def:25807	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:25233	P	Security update for ImageMagick (Moderate)	2020-12-01
oval:org.opensuse.security:def:25900	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:30992	P	Security update for jakarta-taglibs-standard (Important)	2020-12-01
oval:org.opensuse.security:def:31602	P	Security update for tomcat6	2020-12-01
oval:org.opensuse.security:def:31505	P	Security update for python27 (Moderate)	2020-12-01
oval:org.opensuse.security:def:26524	P	apache2-mod_php5 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25360	P	Security update for xrdp (Important)	2020-12-01
oval:org.opensuse.security:def:25997	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:25297	P	Security update for libX11 (Important)	2020-12-01
oval:org.opensuse.security:def:25939	P	Security update for gstreamer-0_10-plugins-base (Moderate)	2020-12-01
oval:org.opensuse.security:def:30993	P	Security update for jasper	2020-12-01
oval:org.opensuse.security:def:31592	P	Security update for tiff (Moderate)	2020-12-01
oval:org.opensuse.security:def:25417	P	Security update for postgresql, postgresql96, postgresql10 and postgresql12 (Moderate)	2020-12-01
oval:org.opensuse.security:def:26635	P	quagga on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25425	P	Security update for bluez (Important)	2020-12-01
oval:org.opensuse.security:def:25953	P	Security update for gcc48 (Moderate)	2020-12-01
oval:org.opensuse.security:def:31004	P	Security update for java-1_6_0-ibm (Important)	2020-12-01
oval:org.opensuse.security:def:31138	P	Security update for lcms	2020-12-01
oval:org.opensuse.security:def:25501	P	Security update for ghostscript (Important)	2020-12-01
oval:org.opensuse.security:def:26670	P	apache2-mod_php5 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25506	P	Security update for openexr (Moderate)	2020-12-01
oval:org.opensuse.security:def:31812	P	Security update for apache2 (Important)	2020-12-01
oval:org.opensuse.security:def:31078	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:31139	P	Security update for less (Moderate)	2020-12-01
oval:org.opensuse.security:def:31804	P	Security update for ant (Moderate)	2020-12-01
oval:org.opensuse.security:def:25075	P	Security update for tiff (Moderate)	2020-12-01
oval:org.opensuse.security:def:25652	P	Security update for xen (Important)	2020-12-01
oval:org.opensuse.security:def:25563	P	Security update for xrdp (Important)	2020-12-01
oval:org.opensuse.security:def:32450	P	Security update for xen (Important)	2020-12-01
oval:org.opensuse.security:def:31768	P	Security update for MozillaFirefox (Important)	2020-12-01
oval:org.opensuse.security:def:31853	P	Security update for coreutils (Important)	2020-12-01
oval:org.opensuse.security:def:25076	P	Security update for cpio (Moderate)	2020-12-01
oval:org.opensuse.security:def:25705	P	Security update for python3 (Moderate)	2020-12-01
oval:org.opensuse.security:def:25647	P	Security update for freetype2 (Important)	2020-12-01
oval:org.opensuse.security:def:32489	P	apache2-mod_php5 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31958	P	Security update for gtk2 (Moderate)	2020-12-01
oval:org.opensuse.security:def:31892	P	Security update for expat (Moderate)	2020-12-01
oval:org.opensuse.security:def:25087	P	Security update for strongswan (Important)	2020-12-01
oval:org.opensuse.security:def:25754	P	Security update for flash-player (Moderate)	2020-12-01
oval:org.opensuse.security:def:25221	P	Security update for sysstat (Moderate)	2020-12-01
oval:org.opensuse.security:def:25798	P	Security update for flash-player (Critical)	2020-12-01
oval:org.opensuse.security:def:32596	P	postgresql on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31914	P	Security update for gd (Moderate)	2020-12-01
oval:org.opensuse.security:def:25151	P	Security update for file-roller (Low)	2020-12-01
oval:org.opensuse.security:def:25793	P	Security update for icedtea-web (Moderate)	2020-12-01
oval:org.opensuse.security:def:25222	P	Security update for java-1_8_0-openjdk (Important)	2020-12-01
oval:org.opensuse.security:def:25851	P	Security update for freerdp (Moderate)	2020-12-01
oval:org.opensuse.security:def:31446	P	Security update for popt	2020-12-01
oval:org.opensuse.security:def:32635	P	apache2-mod_php5 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31448	P	Security update for postgresql-init (Moderate)	2020-12-01
oval:org.opensuse.security:def:26489	P	Security update for php7-imagick (Moderate)	2020-12-01
oval:org.mitre.oval:def:13729	P	USN-720-1 -- php5 vulnerabilities	2014-06-30
oval:org.mitre.oval:def:8164	P	DSA-1789 php5 -- several vulnerabilities	2014-06-23
oval:org.mitre.oval:def:13696	P	DSA-1789-1 php5 -- several	2014-06-23
oval:org.debian:def:1789	V	several vulnerabilities	2009-05-04