ID

VAR-200804-0039


CVE

CVE-2008-1026


TITLE

Multiple PHP XML-RPC implementations vulnerable to code injection

Trust: 0.8

sources: CERT/CC: VU#442845

DESCRIPTION

Integer overflow in the PCRE regular expression compiler (JavaScriptCore/pcre/pcre_compile.cpp) in Apple WebKit, as used in Safari before 3.1.1, allows remote attackers to execute arbitrary code via a regular expression with large, nested repetition counts, which triggers a heap-based buffer overflow. A vulnerability in a common PHP extension module could allow a remote attacker to execute code on a vulnerable system. User interaction is required to exploit this vulnerability in that the target must visit a malicious page.The specific flaw exists in the regular expression compiler (JavaScriptCore/pcre/pcre_compile.cpp) in WebKit. Apple Safari is prone to a buffer-overflow vulnerability. Other attacks are also possible. This issue affects versions prior to Apple Safari 3.1.1 running on the following platforms: Mac OS X v10.4.11 Mac OS X Server v10.4.11 Mac OS X v10.5.2 Mac OS X Server v10.5.2 Windows XP Windows Vista. Safari is the WEB browser bundled with the Apple family operating system by default. ---------------------------------------------------------------------- Bist Du interessiert an einem neuen Job in IT-Sicherheit? Secunia hat zwei freie Stellen als Junior und Senior Spezialist in IT- Sicherheit: http://secunia.com/secunia_vacancies/ ---------------------------------------------------------------------- TITLE: phpPgAds XML-RPC PHP Code Execution Vulnerability SECUNIA ADVISORY ID: SA15884 VERIFY ADVISORY: http://secunia.com/advisories/15884/ CRITICAL: Highly critical IMPACT: System access WHERE: >From remote SOFTWARE: phpPgAds 2.x http://secunia.com/product/4577/ DESCRIPTION: A vulnerability has been reported in phpPgAds, which can be exploited by malicious people to compromise a vulnerable system. For more information: SA15852 SOLUTION: Update to version 2.0.5. http://sourceforge.net/project/showfiles.php?group_id=36679 OTHER REFERENCES: SA15852: http://secunia.com/advisories/15852/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . ZDI-08-022: Apple Safari WebKit PCRE Handling Integer Overflow Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-08-022 April 16, 2008 -- CVE ID: CVE-2008-1026 -- Affected Vendors: Apple -- Affected Products: Apple Safari -- TippingPoint(TM) IPS Customer Protection: TippingPoint IPS customers have been protected against this vulnerability by Digital Vaccine protection filter ID 6031. -- Vendor Response: Apple has issued an update to correct this vulnerability. More details can be found at: http://support.apple.com/kb/HT1467 -- Disclosure Timeline: 2008-03-27 - Vulnerability reported to vendor 2008-04-16 - Coordinated public release of advisory -- Credit: This vulnerability was discovered by: * Charlie Miller, Jake Honoroff and Mark Daniel -- About the Zero Day Initiative (ZDI): Established by TippingPoint, The Zero Day Initiative (ZDI) represents a best-of-breed model for rewarding security researchers for responsibly disclosing discovered vulnerabilities. Researchers interested in getting paid for their security research through the ZDI can find more information and sign-up at: http://www.zerodayinitiative.com The ZDI is unique in how the acquired vulnerability information is used. TippingPoint does not re-sell the vulnerability details or any exploit code. Instead, upon notifying the affected product vendor, TippingPoint provides its customers with zero day protection through its intrusion prevention technology. Explicit details regarding the specifics of the vulnerability are not exposed to any parties until an official vendor patch is publicly available. Furthermore, with the altruistic aim of helping to secure a broader user base, TippingPoint provides this vulnerability information confidentially to security vendors (including competitors) who have a vulnerability protection or mitigation product. Our vulnerability disclosure policy is available online at: http://www.zerodayinitiative.com/advisories/disclosure_policy/ CONFIDENTIALITY NOTICE: This e-mail message, including any attachments, is being sent by 3Com for the sole use of the intended recipient(s) and may contain confidential, proprietary and/or privileged information. Any unauthorized review, use, disclosure and/or distribution by any recipient is prohibited. If you are not the intended recipient, please delete and/or destroy all copies of this message regardless of form and any included attachments and notify 3Com immediately by contacting the sender via reply e-mail or forwarding to 3Com at postmaster@3com.com. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/

Trust: 3.51

sources: NVD: CVE-2008-1026 // CERT/CC: VU#442845 // JVNDB: JVNDB-2008-001322 // ZDI: ZDI-08-022 // BID: 28815 // VULHUB: VHN-31151 // PACKETSTORM: 38390 // PACKETSTORM: 65589

AFFECTED PRODUCTS

vendor:applemodel:safariscope:eqversion:3.1

Trust: 1.3

vendor:applemodel:safariscope:eqversion:3

Trust: 1.3

vendor:drupalmodel: - scope: - version: -

Trust: 0.8

vendor:gentoo linuxmodel: - scope: - version: -

Trust: 0.8

vendor:mandrivamodel: - scope: - version: -

Trust: 0.8

vendor:pear xml rpcmodel: - scope: - version: -

Trust: 0.8

vendor:phpxmlrpcmodel: - scope: - version: -

Trust: 0.8

vendor:postnukemodel: - scope: - version: -

Trust: 0.8

vendor:red hatmodel: - scope: - version: -

Trust: 0.8

vendor:serendipitymodel: - scope: - version: -

Trust: 0.8

vendor:trustix secure linuxmodel: - scope: - version: -

Trust: 0.8

vendor:ubuntu linuxmodel: - scope: - version: -

Trust: 0.8

vendor:wordpressmodel: - scope: - version: -

Trust: 0.8

vendor:xoopsmodel: - scope: - version: -

Trust: 0.8

vendor:phpmyfaqmodel: - scope: - version: -

Trust: 0.8

vendor:applemodel:safariscope:ltversion:version

Trust: 0.8

vendor:applemodel:safariscope:eqversion:3.1.1

Trust: 0.8

vendor:applemodel:safariscope: - version: -

Trust: 0.7

vendor:microsoftmodel:windows vistascope: - version: -

Trust: 0.6

vendor:microsoftmodel:windows xpscope: - version: -

Trust: 0.6

vendor:applemodel:safari beta for windowsscope:eqversion:3.0.4

Trust: 0.3

vendor:applemodel:safari beta for windowsscope:eqversion:3.0.3

Trust: 0.3

vendor:applemodel:safari betascope:eqversion:3.0.3

Trust: 0.3

vendor:applemodel:safari beta for windowsscope:eqversion:3.0.2

Trust: 0.3

vendor:applemodel:safari betascope:eqversion:3.0.2

Trust: 0.3

vendor:applemodel:safari beta for windowsscope:eqversion:3.0.1

Trust: 0.3

vendor:applemodel:safari betascope:eqversion:3.0.1

Trust: 0.3

vendor:applemodel:safariscope:eqversion:2.0.4

Trust: 0.3

vendor:applemodel:safariscope:eqversion:2.0.3

Trust: 0.3

vendor:applemodel:safariscope:eqversion:2.0.2

Trust: 0.3

vendor:applemodel:safariscope:eqversion:2.0.1

Trust: 0.3

vendor:applemodel:safariscope:eqversion:1.3.1

Trust: 0.3

vendor:applemodel:safariscope:eqversion:1.3

Trust: 0.3

vendor:applemodel:safariscope:eqversion:1.2.3

Trust: 0.3

vendor:applemodel:safariscope:eqversion:1.2.2

Trust: 0.3

vendor:applemodel:safariscope:eqversion:1.2.1

Trust: 0.3

vendor:applemodel:safariscope:eqversion:1.2

Trust: 0.3

vendor:applemodel:safariscope:eqversion:1.1

Trust: 0.3

vendor:applemodel:safariscope:eqversion:1.0

Trust: 0.3

vendor:applemodel:safari betascope:eqversion:2

Trust: 0.3

vendor:applemodel:safari beta for windowsscope:eqversion:3

Trust: 0.3

vendor:applemodel:safari betascope:eqversion:3

Trust: 0.3

vendor:applemodel:ipod touchscope:eqversion:1.1.4

Trust: 0.3

vendor:applemodel:ipod touchscope:eqversion:1.1.3

Trust: 0.3

vendor:applemodel:ipod touchscope:eqversion:1.1.2

Trust: 0.3

vendor:applemodel:ipod touchscope:eqversion:1.1.1

Trust: 0.3

vendor:applemodel:ipod touchscope:eqversion:1.1

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:1.1.4

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:1.1.3

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:1.1.2

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:1.1.1

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:1.0.2

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:1.0.1

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:1

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:0

Trust: 0.3

vendor:applemodel:safariscope:neversion:3.1.1

Trust: 0.3

vendor:applemodel:ipod touchscope:neversion:2.0

Trust: 0.3

vendor:applemodel:iphonescope:neversion:2.0

Trust: 0.3

sources: CERT/CC: VU#442845 // ZDI: ZDI-08-022 // BID: 28815 // JVNDB: JVNDB-2008-001322 // CNNVD: CNNVD-200804-274 // NVD: CVE-2008-1026

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2008-1026
value: MEDIUM

Trust: 1.0

CARNEGIE MELLON: VU#442845
value: 20.75

Trust: 0.8

NVD: CVE-2008-1026
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-200804-274
value: MEDIUM

Trust: 0.6

VULHUB: VHN-31151
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2008-1026
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-31151
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CERT/CC: VU#442845 // VULHUB: VHN-31151 // JVNDB: JVNDB-2008-001322 // CNNVD: CNNVD-200804-274 // NVD: CVE-2008-1026

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

sources: VULHUB: VHN-31151 // JVNDB: JVNDB-2008-001322 // NVD: CVE-2008-1026

THREAT TYPE

remote

Trust: 0.7

sources: PACKETSTORM: 65589 // CNNVD: CNNVD-200804-274

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-200804-274

CONFIGURATIONS

sources: JVNDB: JVNDB-2008-001322

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-31151

PATCH

title:Safari 3.1.1url:http://support.apple.com/kb/HT1467

Trust: 1.5

title:iPhone v2.0 and iPod touch v2.0url:http://support.apple.com/kb/HT2351

Trust: 0.8

title:Safari 3.1.1url:http://support.apple.com/kb/HT1467?viewlocale=ja_JP

Trust: 0.8

title:iPhone v2.0 and iPod touch v2.0url:http://support.apple.com/kb/HT2351?viewlocale=ja_JP&locale=ja_JP

Trust: 0.8

sources: ZDI: ZDI-08-022 // JVNDB: JVNDB-2008-001322

EXTERNAL IDS

db:NVDid:CVE-2008-1026

Trust: 3.6

db:ZDIid:ZDI-08-022

Trust: 2.8

db:BIDid:28815

Trust: 2.8

db:SECUNIAid:29846

Trust: 2.5

db:SECTRACKid:1019870

Trust: 2.5

db:SECUNIAid:31074

Trust: 1.7

db:VUPENid:ADV-2008-2094

Trust: 1.7

db:VUPENid:ADV-2008-1250

Trust: 1.7

db:SREASONid:3815

Trust: 1.7

db:XFid:41859

Trust: 1.4

db:SECUNIAid:15884

Trust: 0.9

db:SECUNIAid:15810

Trust: 0.8

db:SECUNIAid:15922

Trust: 0.8

db:SECUNIAid:15852

Trust: 0.8

db:SECUNIAid:15855

Trust: 0.8

db:SECUNIAid:15861

Trust: 0.8

db:SECUNIAid:15862

Trust: 0.8

db:SECUNIAid:15872

Trust: 0.8

db:SECUNIAid:15883

Trust: 0.8

db:SECUNIAid:15895

Trust: 0.8

db:BIDid:14088

Trust: 0.8

db:SECTRACKid:1014327

Trust: 0.8

db:CERT/CCid:VU#442845

Trust: 0.8

db:JVNDBid:JVNDB-2008-001322

Trust: 0.8

db:ZDI_CANid:ZDI-CAN-303

Trust: 0.7

db:CNNVDid:CNNVD-200804-274

Trust: 0.7

db:APPLEid:APPLE-SA-2008-07-11

Trust: 0.6

db:APPLEid:APPLE-SA-2008-04-16

Trust: 0.6

db:BUGTRAQid:20080416 ZDI-08-022: APPLE SAFARI WEBKIT PCRE HANDLING INTEGER OVERFLOW VULNERABILITY

Trust: 0.6

db:PACKETSTORMid:65589

Trust: 0.2

db:VULHUBid:VHN-31151

Trust: 0.1

db:PACKETSTORMid:38390

Trust: 0.1

sources: CERT/CC: VU#442845 // ZDI: ZDI-08-022 // VULHUB: VHN-31151 // BID: 28815 // JVNDB: JVNDB-2008-001322 // PACKETSTORM: 38390 // PACKETSTORM: 65589 // CNNVD: CNNVD-200804-274 // NVD: CVE-2008-1026

REFERENCES

url:http://support.apple.com/kb/ht1467

Trust: 2.8

url:http://www.securityfocus.com/bid/28815

Trust: 2.5

url:http://www.securitytracker.com/id?1019870

Trust: 2.5

url:http://secunia.com/advisories/29846

Trust: 2.5

url:http://www.zerodayinitiative.com/advisories/zdi-08-022

Trust: 1.8

url:http://lists.apple.com/archives/security-announce/2008/apr/msg00001.html

Trust: 1.7

url:http://lists.apple.com/archives/security-announce/2008//jul/msg00001.html

Trust: 1.7

url:http://secunia.com/advisories/31074

Trust: 1.7

url:http://securityreason.com/securityalert/3815

Trust: 1.7

url:http://www.frsirt.com/english/advisories/2008/1250/references

Trust: 1.4

url:http://xforce.iss.net/xforce/xfdb/41859

Trust: 1.4

url:http://www.securityfocus.com/archive/1/490990/100/0/threaded

Trust: 1.1

url:http://www.vupen.com/english/advisories/2008/1250/references

Trust: 1.1

url:http://www.vupen.com/english/advisories/2008/2094/references

Trust: 1.1

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/41859

Trust: 1.1

url:http://secunia.com/advisories/15884/

Trust: 0.9

url:http://secunia.com/advisories/15852/

Trust: 0.9

url:http://www.hardened-php.net/advisory-022005.php

Trust: 0.8

url:http://secunia.com/advisories/15861/

Trust: 0.8

url:http://secunia.com/advisories/15862/

Trust: 0.8

url:http://secunia.com/advisories/15895/

Trust: 0.8

url:http://secunia.com/advisories/15883/

Trust: 0.8

url:http://news.postnuke.com/modules.php?op=modload&name=news&file=article&sid=2699

Trust: 0.8

url:http://secunia.com/advisories/15855/

Trust: 0.8

url:http://secunia.com/advisories/15810/

Trust: 0.8

url:http://secunia.com/advisories/15872/

Trust: 0.8

url:http://secunia.com/advisories/15922/

Trust: 0.8

url:http://securitytracker.com/alerts/2005/jun/1014327.html

Trust: 0.8

url:http://www.gulftech.org/?node=research&article_id=00088-07022005

Trust: 0.8

url:http://www.gulftech.org/?node=research&article_id=00087-07012005

Trust: 0.8

url:http://www.securityfocus.com/bid/14088

Trust: 0.8

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1026

Trust: 0.8

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-1026

Trust: 0.8

url:http://www.securityfocus.com/archive/1/archive/1/490990/100/0/threaded

Trust: 0.6

url:http://www.frsirt.com/english/advisories/2008/2094/references

Trust: 0.6

url:http://www.apple.com/safari/

Trust: 0.3

url:/archive/1/490990

Trust: 0.3

url:http://www.zerodayinitiative.com/advisories/zdi-08-022/

Trust: 0.3

url:http://secunia.com/secunia_security_advisories/

Trust: 0.1

url:http://secunia.com/product/4577/

Trust: 0.1

url:http://secunia.com/secunia_vacancies/

Trust: 0.1

url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Trust: 0.1

url:http://sourceforge.net/project/showfiles.php?group_id=36679

Trust: 0.1

url:http://secunia.com/about_secunia_advisories/

Trust: 0.1

url:http://www.zerodayinitiative.com/advisories/disclosure_policy/

Trust: 0.1

url:http://secunia.com/

Trust: 0.1

url:http://www.tippingpoint.com

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2008-1026

Trust: 0.1

url:http://www.zerodayinitiative.com

Trust: 0.1

url:http://lists.grok.org.uk/full-disclosure-charter.html

Trust: 0.1

sources: CERT/CC: VU#442845 // ZDI: ZDI-08-022 // VULHUB: VHN-31151 // BID: 28815 // JVNDB: JVNDB-2008-001322 // PACKETSTORM: 38390 // PACKETSTORM: 65589 // CNNVD: CNNVD-200804-274 // NVD: CVE-2008-1026

CREDITS

Charlie Miller, Jake Honoroff and Mark Daniel

Trust: 0.7

sources: ZDI: ZDI-08-022

SOURCES

db:CERT/CCid:VU#442845
db:ZDIid:ZDI-08-022
db:VULHUBid:VHN-31151
db:BIDid:28815
db:JVNDBid:JVNDB-2008-001322
db:PACKETSTORMid:38390
db:PACKETSTORMid:65589
db:CNNVDid:CNNVD-200804-274
db:NVDid:CVE-2008-1026

LAST UPDATE DATE

2024-11-23T20:20:42.907000+00:00


SOURCES UPDATE DATE

db:CERT/CCid:VU#442845date:2007-03-09T00:00:00
db:ZDIid:ZDI-08-022date:2008-04-16T00:00:00
db:VULHUBid:VHN-31151date:2018-10-11T00:00:00
db:BIDid:28815date:2008-07-11T19:49:00
db:JVNDBid:JVNDB-2008-001322date:2008-07-29T00:00:00
db:CNNVDid:CNNVD-200804-274date:2021-07-14T00:00:00
db:NVDid:CVE-2008-1026date:2024-11-21T00:43:29.397

SOURCES RELEASE DATE

db:CERT/CCid:VU#442845date:2005-07-06T00:00:00
db:ZDIid:ZDI-08-022date:2008-04-16T00:00:00
db:VULHUBid:VHN-31151date:2008-04-17T00:00:00
db:BIDid:28815date:2008-04-16T00:00:00
db:JVNDBid:JVNDB-2008-001322date:2008-05-13T00:00:00
db:PACKETSTORMid:38390date:2005-07-01T23:31:00
db:PACKETSTORMid:65589date:2008-04-16T22:08:34
db:CNNVDid:CNNVD-200804-274date:2008-04-17T00:00:00
db:NVDid:CVE-2008-1026date:2008-04-17T19:05:00