PHP 'imageRotate()' Uninitialized Memory Information Disclosure Vulnerability

Bugtraq ID:	33002
Class:	Boundary Condition Error
CVE:	CVE-2008-5498
Remote:	Yes
Local:	No
Published:	Dec 24 2008 12:00AM
Updated:	Jun 30 2009 05:09PM
Credit:	Hamid Ebadi
Vulnerable:	Turbolinux Turbolinux Server 10.0 Turbolinux Turbolinux Server 11 x64 Turbolinux Turbolinux Server 11 Turbolinux Turbolinux Server 10.0.0 x64 TurboLinux Personal TurboLinux Multimedia Turbolinux Client 2008 Turbolinux Appliance Server Workgroup Edition 1.0 Turbolinux Appliance Server Hosting Edition 1.0 Turbolinux Appliance Server 1.0 Workgroup Edition Turbolinux Appliance Server 1.0 Hosting Edition Turbolinux Appliance Server 3.0 x64 Turbolinux Appliance Server 3.0 Turbolinux Appliance Server 2.0 Slackware Linux 12.2 Slackware Linux 12.1 Slackware Linux 12.0 Slackware Linux 11.0 Slackware Linux -current S.u.S.E. SUSE Linux Enterprise Server 11 + Linux kernel 2.6.5 S.u.S.E. SUSE Linux Enterprise Server 10 S.u.S.E. openSUSE 11.1 S.u.S.E. openSUSE 11.0 S.u.S.E. openSUSE 10.3 RedHat Fedora 9 0 RedHat Fedora 10 RedHat Enterprise Linux WS 4 RedHat Enterprise Linux WS 3 RedHat Enterprise Linux ES 4 RedHat Enterprise Linux ES 3 RedHat Enterprise Linux Desktop Workstation 5 client RedHat Enterprise Linux AS 4 RedHat Enterprise Linux AS 3 RedHat Enterprise Linux Desktop version 4 RedHat Enterprise Linux 5 server RedHat Desktop 3.0 RedHat Application Stack v2 0 PHP PHP 5.2.8 PHP PHP 5.2.7 PHP PHP 5.2.6 PHP PHP 5.2.5 PHP PHP 5.2.4 PHP PHP 5.2.3 PHP PHP 5.2.2 PHP PHP 5.2.1 + Ubuntu Ubuntu Linux 7.04 sparc + Ubuntu Ubuntu Linux 7.04 powerpc + Ubuntu Ubuntu Linux 7.04 i386 + Ubuntu Ubuntu Linux 7.04 amd64 PHP PHP 5.1.6 PHP PHP 5.1.5 PHP PHP 5.1.4 PHP PHP 5.1.3 PHP PHP 5.1.3 PHP PHP 5.1.2 + Ubuntu Ubuntu Linux 6.06 LTS sparc + Ubuntu Ubuntu Linux 6.06 LTS powerpc + Ubuntu Ubuntu Linux 6.06 LTS i386 + Ubuntu Ubuntu Linux 6.06 LTS amd64 PHP PHP 5.1.1 PHP PHP 5.1 PHP PHP 5.0.5 PHP PHP 5.0.4 PHP PHP 5.0.3 + Trustix Secure Linux 2.2 PHP PHP 5.0.2 PHP PHP 5.0.1 PHP PHP 5.0 candidate 3 PHP PHP 5.0 candidate 2 PHP PHP 5.0 candidate 1 PHP PHP 5.0 .0 PHP PHP 5.2 + Debian Linux 4.0 sparc + Debian Linux 4.0 s/390 + Debian Linux 4.0 powerpc + Debian Linux 4.0 mipsel + Debian Linux 4.0 mips + Debian Linux 4.0 m68k + Debian Linux 4.0 ia-64 + Debian Linux 4.0 ia-32 + Debian Linux 4.0 hppa + Debian Linux 4.0 arm + Debian Linux 4.0 amd64 + Debian Linux 4.0 alpha + Debian Linux 4.0 Pardus Linux 2008 0 MandrakeSoft Linux Mandrake 2009.0 x86_64 MandrakeSoft Linux Mandrake 2009.0 MandrakeSoft Linux Mandrake 2008.1 x86_64 MandrakeSoft Linux Mandrake 2008.1 MandrakeSoft Linux Mandrake 2008.0 x86_64 MandrakeSoft Linux Mandrake 2008.0 HP HP-UX B.11.31 HP HP-UX B.11.23 HP HP-UX B.11.11 Avaya Voice Portal 4.1 Avaya Voice Portal 4.0 Avaya SIP Enablement Services 3.1.2 Avaya SIP Enablement Services 3.1.1 Avaya SIP Enablement Services 5.1 Avaya SIP Enablement Services 5.0 Avaya SIP Enablement Services 4.0 Avaya SIP Enablement Services 3.1 Avaya SIP Enablement Services 3.0 Avaya Message Networking MN 3.1 Avaya Message Networking 3.1 Avaya Message Networking Avaya Intuity AUDIX LX 2.0 SP2 Avaya Intuity AUDIX LX 2.0 SP1 Avaya Intuity AUDIX LX 2.0 Avaya Intuity AUDIX LX 1.0 Avaya Communication Manager 4.0.3 SP1 Avaya Communication Manager 5.1 + Avaya Communication Manager Server DEFINITY Server SI/CS + Avaya Communication Manager Server S8100 + Avaya Communication Manager Server S8300 + Avaya Communication Manager Server S8500 + Avaya Communication Manager Server S8700 Avaya Communication Manager 5.0 SP3 Avaya Communication Manager 5.0 + Avaya Communication Manager Server DEFINITY Server SI/CS + Avaya Communication Manager Server S8100 + Avaya Communication Manager Server S8300 + Avaya Communication Manager Server S8500 + Avaya Communication Manager Server S8700 Avaya Communication Manager 4.0 Avaya AES 4.2.2 Avaya AES 4.2.1 Avaya AES 4.0.1 Avaya AES 3.1.6 Avaya AES 3.1.5 Avaya AES 3.1.4 Avaya AES 3.1.3 Avaya AES 4.2 Avaya AES 4.1 Avaya AES 4.0 Avaya AES 3.1 Avaya AES 3.0

Not Vulnerable:	PHP PHP 5.2.9