Security Advisory php security update

Advisory: RHSA-2002:214-11
Type: Security Advisory
Severity: Moderate
Issued on: 2003-02-06
Last updated on: 2003-02-05
Affected Products: Red Hat Enterprise Linux AS (v. 2.1)
Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor
CVEs (cve.mitre.org): CVE-2002-0985
CVE-2002-0986

Details

PHP versions up to and including 4.2.2 contain vulnerabilities in the mail()
function, allowing local script authors to bypass safe mode restrictions
and possibly allowing remote attackers to insert arbitrary mail headers or
content.

[Updated 13 Jan 2003]
Added fixed packages for the Itanium (IA64) architecture.

[Updated 06 Feb 2003]
Added fixed packages for Advanced Workstation 2.1

PHP is an HTML-embedded scripting language commonly used with the Apache
HTTP server.

The mail function in PHP 4.x to 4.2.2 may allow local script authors to
bypass safe mode restrictions and modify command line arguments to the
MTA (such as sendmail) in the 5th argument to mail(), altering MTA
behavior and possibly executing arbitrary local commands.

The mail function in PHP 4.x to 4.2.2 does not filter ASCII control
characters from its arguments, which could allow remote attackers to
modify mail message content, including mail headers, and possibly use
PHP as a "spam proxy."

Script authors should note that any PHP script which calls functions such as
mail() must check all input data for unsafe content before passing it on.
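The check the advisory asks for, as an added example that is not part of the Red Hat advisory: the script rejects ASCII control characters (including CR and LF, which terminate mail headers) in every value that will become a mail header, and never builds the fifth mail() argument from request data. Function names and the sample inputs are assumptions for illustration; the syntax is kept PHP 4 compatible.

```php
<?php
// Added example, not code from the advisory. Reject control characters in
// mail() arguments before they reach the MTA, as the advisory recommends.

// True if the string contains any ASCII control character (0x00-0x1F, 0x7F).
// CR and LF are the ones that let an attacker start a new header line.
function contains_control_chars($value)
{
    return preg_match('/[\x00-\x1F\x7F]/', $value) === 1;
}

// Validate the pieces that become mail headers. Returns an error string,
// or null if every field is clean. (Hypothetical helper.)
function validate_mail_fields($to, $subject, $reply_to)
{
    $fields = array('to' => $to, 'subject' => $subject, 'reply_to' => $reply_to);
    foreach ($fields as $name => $value) {
        if (contains_control_chars($value)) {
            return "control character in $name";
        }
    }
    // Address fields must be a single address, not free-form text.
    $addresses = array('to' => $to, 'reply_to' => $reply_to);
    foreach ($addresses as $name => $addr) {
        if (!preg_match('/^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}$/', $addr)) {
            return "malformed address in $name";
        }
    }
    return null;
}

// Send only after validation. The fifth mail() argument (extra sendmail
// options) is deliberately never supplied from user-controlled data.
function send_contact_mail($to, $subject, $body, $reply_to)
{
    $error = validate_mail_fields($to, $subject, $reply_to);
    if ($error !== null) {
        return $error;
    }
    $headers = "From: webform@example.invalid\r\nReply-To: $reply_to";
    return mail($to, $subject, $body, $headers) ? null : 'mail() failed';
}

// Constructed sample input: a Reply-To value carrying an embedded CRLF,
// the kind of input the advisory describes. The validator refuses it.
$injected = "someone@example.invalid\r\nBcc: other@example.invalid";
var_dump(validate_mail_fields('user@example.invalid', 'Hello', $injected));
var_dump(validate_mail_fields('user@example.invalid', 'Hello', 'a@example.invalid'));
```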

Note that this PHP erratum, like RHSA-2002:129, enforces a limit on the
memory size of the PHP process so that a badly written script cannot become
a source of denial of service. The default limit is 8MB; you can adjust it
as you deem necessary through the php.ini directive memory_limit. For
example, to change the process memory limit to 4MB, add the following line
to /etc/php.ini:

memory_limit = 4194304

Important Note:
There are special instructions you should follow regarding your
/etc/php.ini configuration file in the "Solution" section below.


Solution

Note that the /etc/php.ini configuration file is not replaced or
overwritten. You should carefully review your configuration file and adapt
it to your server or service functions.

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

Updated packages

Red Hat Enterprise Linux AS (v. 2.1)

SRPMS:
php-4.1.2-2.1.6.src.rpm

IA-32:
php-4.1.2-2.1.6.i386.rpm
php-devel-4.1.2-2.1.6.i386.rpm
php-imap-4.1.2-2.1.6.i386.rpm
php-ldap-4.1.2-2.1.6.i386.rpm
php-manual-4.1.2-2.1.6.i386.rpm
php-mysql-4.1.2-2.1.6.i386.rpm
php-odbc-4.1.2-2.1.6.i386.rpm
php-pgsql-4.1.2-2.1.6.i386.rpm

IA-64:
php-4.1.2-2.1.6.ia64.rpm
php-devel-4.1.2-2.1.6.ia64.rpm
php-imap-4.1.2-2.1.6.ia64.rpm
php-ldap-4.1.2-2.1.6.ia64.rpm
php-manual-4.1.2-2.1.6.ia64.rpm
php-mysql-4.1.2-2.1.6.ia64.rpm
php-odbc-4.1.2-2.1.6.ia64.rpm
php-pgsql-4.1.2-2.1.6.ia64.rpm

Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor

SRPMS:
php-4.1.2-2.1.6.src.rpm

IA-64:
php-4.1.2-2.1.6.ia64.rpm
php-devel-4.1.2-2.1.6.ia64.rpm
php-imap-4.1.2-2.1.6.ia64.rpm
php-ldap-4.1.2-2.1.6.ia64.rpm
php-manual-4.1.2-2.1.6.ia64.rpm
php-mysql-4.1.2-2.1.6.ia64.rpm
php-odbc-4.1.2-2.1.6.ia64.rpm
php-pgsql-4.1.2-2.1.6.ia64.rpm

All of the files listed above have since been outdated by RHSA-2008:0546.


Bugs fixed (see bugzilla for more information)

74494 - New PHP packages fix vulnerability in mail function


Keywords

mail, PHP, safemode


These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/