Security Advisory: New PHP packages fix vulnerability in mail function

Advisory: RHSA-2002:213-06
Type: Security Advisory
Severity: N/A
Issued on: 2002-11-11
Last updated on: 2002-11-04
Affected Products: Red Hat Linux 7.0, Red Hat Linux 7.1, Red Hat Linux 7.2, Red Hat Linux 7.3
CVEs (cve.mitre.org): CVE-2002-0985, CVE-2002-0986

Details

PHP versions up to and including 4.2.2 contain vulnerabilities in the mail()
function allowing local script authors to bypass safe mode restrictions
and possibly allowing remote attackers to insert arbitrary mail headers and
content into the message.

PHP is an HTML-embedded scripting language commonly used with the Apache
HTTP server.

The mail function in PHP 4.x to 4.2.2 may allow local script authors to
bypass safe mode restrictions and modify command line arguments to the
MTA (such as Sendmail) in the fifth argument to mail(), altering MTA
behavior and possibly executing arbitrary local commands.

The mail function in PHP 4.x to 4.2.2 does not filter ASCII control
characters from its arguments, which could allow remote attackers to
modify mail message content, including mail headers, and possibly use
PHP as a "spam proxy."

Script authors should note that any PHP script which calls functions such as
mail() must check all input data for unsafe content before passing it on.
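The check recommended above, as an added example that is not part of the Red Hat advisory: a small PHP wrapper (the function names safe_mail, is_header_safe and is_plain_address, and the example.org addresses, are assumptions for illustration) that refuses header-bound arguments containing ASCII control characters and never passes caller data as the fifth mail() argument.

```php
<?php
// Added example, not part of the Red Hat advisory: a defensive wrapper
// around mail() for the issues described above. Every argument that ends
// up in the message headers is rejected if it carries an ASCII control
// character (CVE-2002-0986), and the fifth mail() argument, which reaches
// the MTA command line (CVE-2002-0985), is never exposed to callers.

// True if $value contains no ASCII control characters (0x00-0x1F, 0x7F).
// A PCRE error (false) is treated as unsafe rather than as clean.
function is_header_safe($value)
{
    return preg_match('/[\x00-\x1F\x7F]/', $value) === 0;
}

// True if $address is one plain mailbox: no display name, comment, or
// trailing newline (\z, unlike $, does not match before a final "\n").
function is_plain_address($address)
{
    $re = '/^[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+\z/';
    return preg_match($re, $address) === 1;
}

// Sends the message, or returns false without calling mail() at all.
// $extra_headers maps a header name to its value; only the listed names
// are accepted, so callers cannot add Bcc:, Cc: or a second To: line.
function safe_mail($to, $subject, $body, $extra_headers = array())
{
    if (!is_plain_address($to) || !is_header_safe($subject)) {
        return false;
    }
    $allowed = array('From', 'Reply-To');
    $lines = array();
    foreach ($extra_headers as $name => $value) {
        if (!in_array($name, $allowed, true) || !is_header_safe($value)) {
            return false;
        }
        $lines[] = $name . ': ' . $value;
    }
    // No fifth argument: user data must never reach the MTA's command line.
    return mail($to, $subject, $body, implode("\r\n", $lines));
}

// Constructed input: a recipient that tries to append a header via CRLF.
$result = safe_mail("alice@example.org\r\nBcc: other@example.net", 'Hello', 'Hi');
var_dump($result); // rejected: safe_mail() returns false before mail() is reached
```

A clean call such as safe_mail('alice@example.org', 'Hello', 'Hi', array('From' => 'web@example.org')) passes the checks and returns whatever mail() itself returns on the host.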

Note that this PHP errata, like RHSA-2002:102, enforces a memory limit on
the size of the PHP process to prevent a badly written script from
becoming a possible source of a denial of service attack. The default
process size limit is 8MB; you can adjust it as you deem necessary
through the php.ini directive memory_limit. For example, to change the
process memory limit to 4MB, add the following line to /etc/php.ini:

memory_limit = 4194304

Important Note:

There are special instructions you should follow regarding your
/etc/php.ini configuration file in the "Solution" section below.


Solution

Note that the /etc/php.ini configuration file is not replaced or
overwritten. You should carefully review your configuration file and adapt
it to your server or service functions.

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade. Only those
RPMs which are currently installed will be updated. Those RPMs which are
not installed but included in the list will not be updated. Note that you
can also use wildcards (*.rpm) if your current directory *only* contains
the desired RPMs.

Please note that this update is also available via Red Hat Network. Many
people find this an easier way to apply updates. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

Updated packages


Keywords

mail, PHP, safemode


These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/