Edit report at http://pear.php.net/bugs/bug.php?id=16200&edit=1
ID: 16200
Comment by: dnikolaenko
Reported By: dennis at nikolaenko dot ru
Summary: security hole allow to read/write Arbitrary File
Status: Closed
Type: Bug
Package: Mail
Operating System: linux
Package Version: 1.1.14
PHP Version: 5.2.5
Assigned To: davidc
New Comment:
Please request a CVE identifier for this bug to be noticed in Linux
distros.
Previous Comments:
------------------------------------------------------------------------
[2009-05-09 16:17:14] davidc
-Status: Critical
+Status: Closed
This bug has been fixed in CVS.
If this was a documentation problem, the fix will appear on
pear.php.net by the end of next Sunday (CET).
If this was a problem with the pear.php.net website, the change should
be live shortly.
Otherwise, the fix will appear in the package's next release.
Thank you for the report and for helping us make PEAR better.
Could you guys please roll a release? Cheers.
------------------------------------------------------------------------
[2009-05-09 16:16:49] davidc
-Assigned To:
+Assigned To: davidc
------------------------------------------------------------------------
[2009-05-08 05:37:52] doconnor
Above patch adds in Validate and validates the from address is a valid
email.
This may not be correct behaviour.
This may also still be exploitable by targeting different arguments.
------------------------------------------------------------------------
[2009-05-08 05:36:52] doconnor
The following patch has been added/updated:
Patch Name: quick-fix
Revision: 1241757412
URL:
http://pear.php.net/bugs/patch-display.php?bug=16200&patch=quick-fix&revision=1241757412&display=1
------------------------------------------------------------------------
[2009-05-08 05:20:20] doconnor
-Status: Open
+Status: Critical
Bumping to critical for the moment.
------------------------------------------------------------------------
The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at
http://pear.php.net/bugs/bug.php?id=16200