Bug 445002 (CVE-2008-2050)

Summary: CVE-2008-2050 php: stack based buffer overflow in FastCGI SAPI
Product: [Other] Security Response Reporter: Josh Bressers <bressers>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED NOTABUG QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: jorton
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2010-03-29 09:45:36 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Josh Bressers 2008-05-02 17:52:44 UTC 
From the PHP 5.2.6 changelog:

* Fixed possible stack buffer overflow in the FastCGI SAPI identified by Andrei
Nigmatulin.
Comment 1 Josh Bressers 2008-05-02 17:53:41 UTC 
The fix for this issue is here:
http://cvs.php.net/viewvc.cgi/php-src/sapi/cgi/fastcgi.c?r1=1.44&r2=1.45&diff_format=u
Comment 3 Tomas Hoger 2008-05-05 08:24:15 UTC 
Affected code was introduced in PHP version 5.1.3:

  Version 5.1.3
  02-May-2006

  [ ... ]
    * Reimplemented FastCGI interface. (Dmitry)

http://www.php.net/ChangeLog-5.php#5.1.3
Comment 4 Joe Orton 2008-05-06 10:43:22 UTC 
There are two changes in the referenced patch:

1) the first appears to fix a case where an amount of uninitialized stack buffer
could be written to the FastCGI server.

2) the second appears to fix a buffer overflow which could be triggered by the
FastCGI server.

Since the FastCGI server is local trusted code and not under the control of an
attacker, I would say that these bugs do not have any impact on security.
Comment 5 Tomas Hoger 2010-03-29 09:45:36 UTC 
https://www.redhat.com/security/data/cve/CVE-2008-2050.html

  This issue does not affect the version of PHP shipped in Red Hat Enterprise
  Linux 2.1, 3, or 4.

  We do not consider this issue to be a security flaw for Red Hat Enterprise
  Linux 5 since no trust boundary is crossed.