
Bug 221969 (CVE-2008-2829)

Summary: dev-lang/php uses insecure c-client calls resulting in buffer overflows (CVE-2008-2829)
Product: Gentoo Linux
Reporter: Deniss Gaplevsky <slim>
Component: New packages
Assignee: PHP Bugs <php-bugs>
Status: RESOLVED FIXED    
Severity: normal    
Priority: High    
Version: unspecified   
Hardware: All   
OS: All   
URL: http://bugs.php.net/bug.php?id=42862

Description Deniss Gaplevsky 2008-05-13 17:02:26 UTC
PHP has known bugs against an old c-client library.
There is the net-libs/c-client-2006k already in portage.
Is it possible to add the patch from http://bugs.php.net/bug.php?id=42862 and others?


Reproducible: Always

Steps to Reproduce:
1. see http://bugs.php.net/bug.php?id=42862

Actual Results:  
May 13 19:28:17 w19 php-cgi: IMAP toolkit crash: rfc822.c legacy routine buffer overflow
May 13 19:28:18 w19 php-cgi: IMAP toolkit crash: rfc822.c legacy routine buffer overflow
May 13 19:28:18 w19 php-cgi: IMAP toolkit crash: rfc822.c legacy routine buffer overflow
May 13 19:28:19 w19 php-cgi: IMAP toolkit crash: rfc822.c legacy routine buffer overflow
May 13 19:28:20 w19 php-cgi: IMAP toolkit crash: rfc822.c legacy routine buffer overflow

Expected Results:  
works well
Comment 1 Christian Hoffmann (RETIRED) gentoo-dev 2008-05-13 22:38:46 UTC
Reassigning to security.
We are going to patch it, I guess we need to review the mentioned patch again.

It's local DoS / code execution "only", so I'm not sure whether we should push -r2 just now or simply wait on the next bunch of sec fixes. Security?

Will take care of it tomorrow.
Comment 2 Christian Hoffmann (RETIRED) gentoo-dev 2008-05-13 22:40:13 UTC
Deniss, what other issues / patches are you referring to (besides the linked bug report)?
Comment 3 Deniss Gaplevsky 2008-05-14 00:50:20 UTC
Also, sometimes I get the following error, but can't figure out the reason nor google a patch so far:

May 13 22:57:16 w19 php-cgi: IMAP toolkit crash: Unable to look up user name
May 13 23:58:51 w19 php-cgi: IMAP toolkit crash: Unable to look up user name
May 13 23:58:51 w19 php-cgi: IMAP toolkit crash: Unable to look up user name
May 14 01:42:59 w19 php-cgi: IMAP toolkit crash: Unable to look up user name
May 14 01:43:16 w19 php-cgi: IMAP toolkit crash: Unable to look up user name
Comment 4 Christian Hoffmann (RETIRED) gentoo-dev 2008-05-15 13:53:03 UTC
Please open a separate bug for that and also file an upstream [1] bug. Does PHP really crash (as the message says) or is it simply a "bug"? In the latter case it's probably not security-relevant, in the first it is.
Also, this might help: http://article.gmane.org/gmane.comp.horde.user/11777

[1] http://bugs.php.net/
Comment 5 Christian Hoffmann (RETIRED) gentoo-dev 2008-06-18 19:50:51 UTC
Had a look at the patch and talked to Pierre from upstream about it. The patch itself is fine, something similar (which does not break compatibility with very old c-client versions [which we don't even ship anymore]) will probably be committed to upstream cvs in the near future.
The patch will be part of php-5.2.6-r1 which is supposed to hit the tree in the next few days, depending on the status of the other security bug.

I'm only referring to the initial problem. The other issues need more investigation and are unlikely to have any security impact. Please create a separate bug report for them (also at upstream's bug tracker).
Comment 6 Christian Hoffmann (RETIRED) gentoo-dev 2008-06-24 09:28:45 UTC
We'll handle stabilization etc. in bug 228369.
Comment 7 Christian Hoffmann (RETIRED) gentoo-dev 2008-07-02 21:57:04 UTC
php-5.2.6-r2 with the relevant patch is in the tree. Moving this bug away from security again, we're handling the security part of this issue along with the other fixes in bug 230575.