CVE-2008-0599

NameCVE-2008-0599
DescriptionThe init_request_info function in sapi/cgi/cgi_main.c in PHP before 5.2.6 does not properly consider operator precedence when calculating the length of PATH_TRANSLATED, which might allow remote attackers to execute arbitrary code via a crafted URI.
SourceCVE (at NVD; CERT, ENISA, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
ReferencesDTSA-135-1

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
php4sourceetch(not affected)
php5sourceetch(not affected)
php5sourcelenny5.2.5-3+lenny1DTSA-135-1
php5source(unstable)5.2.6-1

Notes

[etch] - php5 <not-affected> (Vulnerable code not yet present, introduced in 5.2.3)
[etch] - php4 <not-affected> (Vulnerable code not yet present, introduced in 5.2.3)
Search for package or bug name: Reporting problems