FUDforum
mail() vulnerability up to php 4.2.2 [message #7209] Tue, 12 November 2002 01:51
Olliver (Germany)
Hi,
just found this Redhat advisory, which may apply to all other folks using an older php version:
the original Redhat advisory

[...]PHP versions up to and including 4.2.2 contain vulnerabilities in the mail()
function allowing local script authors to bypass safe mode restrictions
and possibly allowing remote attackers to insert arbitrary mail headers and
content into the message.

2. Relevant releases/architectures:

Red Hat Linux 7.0 - alpha, i386
Red Hat Linux 7.1 - alpha, i386, ia64
Red Hat Linux 7.2 - i386, ia64
Red Hat Linux 7.3 - i386

3. Problem description:

PHP is an HTML-embedded scripting language commonly used with the Apache
HTTP server.

The mail function in PHP 4.x to 4.2.2 may allow local script authors to
bypass safe mode restrictions and modify command line arguments to the
MTA (such as Sendmail) in the fifth argument to mail(), altering MTA
behavior and possibly executing arbitrary local commands.

The mail function in PHP 4.x to 4.2.2 does not filter ASCII control
characters from its arguments, which could allow remote attackers to
modify mail message content, including mail headers, and possibly use
PHP as a "spam proxy."

Script authors should note that all input data should be checked for
unsafe data by any PHP scripts which call functions such as mail().[...]

Those who can should upgrade their version. It's always a good idea to grab the latest cvs-stable-sources and build a binary of one's own.
bye
Olliver

Re: mail() vulnerability up to php 4.2.2 [message #7210 is a reply to message #7209] Tue, 12 November 2002 02:12
Ilia (Canada)
This vulnerability is rather 'bogus', it only affects admins who think they've secured their PHP installation by using safe_mode. This particular 'vulnerability' allows the user on the server to use PHP's mail() function to execute commands by using the 5th argument.
This is fairly harmless since the commands will be executed as the user running the script, in a web server environment the 'nobody' user...


FUDforum Core Developer
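
The advisory quoted in the first post asks script authors to check input before calling mail(), and the reply concerns the fifth argument. As an added example (not code from this thread, PHP or FUDforum), the wrapper below rejects control characters in header fields and never passes the fifth argument; `safe_mail`, `assert_header_safe` and the example.org addresses are hypothetical, and the syntax assumes a current PHP release rather than 4.x.

```php
<?php
// Added example; safe_mail() and assert_header_safe() are hypothetical names.

// Header fields are single-line: refuse any ASCII control character
// (CR, LF, NUL, ...) or DEL instead of trying to repair the value.
function assert_header_safe(string $field, string $value): string
{
    if (preg_match('/[\x00-\x1F\x7F]/', $value)) {
        throw new InvalidArgumentException("control character in $field");
    }
    return $value;
}

function safe_mail(string $to, string $subject, string $body, string $replyTo): bool
{
    $to      = assert_header_safe('to', $to);
    $subject = assert_header_safe('subject', $subject);
    $replyTo = assert_header_safe('reply-to', $replyTo);

    foreach ([$to, $replyTo] as $addr) {
        if (filter_var($addr, FILTER_VALIDATE_EMAIL) === false) {
            throw new InvalidArgumentException('invalid address');
        }
    }

    // The body may span lines: drop other control characters, then
    // normalise every line ending to CRLF.
    $body = preg_replace('/[\x00-\x08\x0B\x0C\x0E-\x1F\x7F]/', '', $body);
    $body = preg_replace('/\r\n|\r|\n/', "\r\n", $body);

    // Headers are built only from validated values. The fifth argument
    // (extra MTA command-line parameters) is deliberately never passed.
    return mail($to, $subject, $body, "Reply-To: $replyTo");
}

// Constructed input: a form "subject" that tries to smuggle in a Bcc header.
try {
    safe_mail('user@example.org', "Hello\r\nBcc: list@example.net", 'Hi', 'form@example.org');
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```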