| mail() vulnerability up to php 4.2.2 [message #7209] |
Tue, 12 November 2002 01:51  |
Olliver
Messages: 443
Registered: March 2002
Karma:
|
Senior Member |
|
|
Hi,
just found this Redhat advisory, which may apply to all other folks using an older php version:
| the original Redhat advisory |
[...]PHP versions up to and including 4.2.2 contain vulnerabilities in the mail()
function allowing local script authors to bypass safe mode restrictions
and possibly allowing remote attackers to insert arbitrary mail headers and
content into the message.
2. Relevant releases/architectures:
Red Hat Linux 7.0 - alpha, i386
Red Hat Linux 7.1 - alpha, i386, ia64
Red Hat Linux 7.2 - i386, ia64
Red Hat Linux 7.3 - i386
3. Problem description:
PHP is an HTML-embedded scripting language commonly used with the Apache
HTTP server.
The mail function in PHP 4.x to 4.2.2 may allow local script authors to
bypass safe mode restrictions and modify command line arguments to the
MTA (such as Sendmail) in the fifth argument to mail(), altering MTA
behavior and possibly executing arbitrary local commands.
The mail function in PHP 4.x to 4.2.2 does not filter ASCII control
characters from its arguments, which could allow remote attackers to
modify mail message content, including mail headers, and possibly use
PHP as a "spam proxy."
Script authors should note that all input data should be checked for
unsafe data by any PHP scripts which call functions such as mail().[...]
|
Those who can should upgrade their version. It's always a good idea to grab the latest cvs-stable-sources and build a binary of one's own.
bye
Olliver
|
|
|
|
Calendar
Search
Help
Members
Register
Login
Home
]