PHP mail() Function ASCII Control Character Injection Mail Header Spoofing Vulnerability

Vulnerability Details

Vulnerability Summary

PHP is a popular server-side web programming language. It is powerful and easy to use, is installed by default on many Unix operating systems, and also runs on Windows.
PHP's mail() function does not properly filter user input, so a remote attacker could exploit this vulnerability to modify mail headers.
Specifically, mail() does not filter the mail string arguments that come from user input, so ASCII control characters in that input can alter the message, including its header fields.

Vulnerability Bulletin

Workaround:
If you cannot install the patch or upgrade immediately, CNNVD recommends the following measures to reduce the threat:

* When writing PHP scripts, filter special characters in user-submitted input and allow only standard e-mail addresses.

Vendor patches:
PHP
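The workaround above amounts to refusing any user-supplied value that carries ASCII control characters before it reaches mail(). The following PHP is an added example written for this page; it is not code from the CNNVD advisory or from the PHP project, and the function names, the example recipient address and the sample inputs are all constructed. It shows the weak pattern (user input concatenated straight into the additional_headers argument) next to a hardened version that validates each address and header value first.

```php
<?php
// Added example, not from the advisory: reject control characters before
// user input is placed into mail() headers. All names here are ours.

/**
 * True only if $value contains no ASCII control character (0x00-0x1F, 0x7F).
 * CR and LF matter most, because CRLF terminates a header line, but the
 * advisory speaks of control characters in general, so all are refused.
 */
function hasNoControlChars(string $value): bool
{
    return preg_match('/[\x00-\x1F\x7F]/', $value) !== 1;
}

/**
 * A sender or recipient address: free of control characters and
 * syntactically valid according to PHP's built-in e-mail filter.
 */
function isSafeEmailAddress(string $address): bool
{
    return hasNoControlChars($address)
        && filter_var($address, FILTER_VALIDATE_EMAIL) !== false;
}

/**
 * A free-text header value such as Subject: a single line of bounded length
 * (998 octets is the RFC 5322 line limit).
 */
function isSafeHeaderValue(string $value): bool
{
    return hasNoControlChars($value) && strlen($value) <= 998;
}

/**
 * Weak pattern of the era: user input goes directly into the header block.
 * Anything in $from after a CRLF becomes an additional header line.
 */
function sendFeedbackUnsafe(string $from, string $subject, string $body): bool
{
    $headers = "From: " . $from . "\r\n";
    return mail('webmaster@example.com', $subject, $body, $headers); // constructed recipient
}

/**
 * Hardened version: every user-controlled value is validated, and invalid
 * input is refused rather than "cleaned", so nothing attacker-chosen can
 * ever form a header line. The refusal is also a useful detection signal.
 */
function sendFeedbackSafe(string $from, string $subject, string $body): bool
{
    if (!isSafeEmailAddress($from) || !isSafeHeaderValue($subject)) {
        error_log('mail input rejected: control characters or invalid address');
        return false;
    }
    $headers = "From: " . $from . "\r\n";
    return mail('webmaster@example.com', $subject, $body, $headers); // constructed recipient
}

// Constructed inputs exercising the validator (expected verdict on the right).
$samples = [
    'alice@example.com'     => true,
    "alice@example.com\r\n" => false, // CRLF would end the From: line early
    "alice@example.com\x00" => false, // NUL is a control character too
    'not an address'        => false, // fails the e-mail syntax check
];
foreach ($samples as $input => $expected) {
    $ok = isSafeEmailAddress($input);
    printf("%-28s -> %s\n", json_encode($input), $ok ? 'accepted' : 'rejected');
    assert($ok === $expected);
}
```

Validation happens in the script, before mail() is called, which is where the advisory places the responsibility: the function itself did not filter its arguments at the time. Refusing rather than stripping keeps the rule simple and makes each rejection an event worth logging.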

Vendors have released patches or upgrade programs:

Red Hat has released security advisory RHSA-2002:213-06 for this vulnerability.

Gentoo Linux advises users of dev-php/php-4.2.2-r1, dev-php/mod_php-4.2.2-r1 and earlier to upgrade their systems with the following steps:

emerge rsync

emerge php

and/or

emerge mod_php

emerge clean

Patch downloads:

PHP PHP 3.0.18:

Debian Upgrade php3-cgi_3.0.18-23.1woody1_sparc.deb
http://security.debian.org/pool/updates/main/p/php3/php3-cgi_3.0.18-23.1woody1_sparc.deb

Debian Upgrade php3_3.0.18-23.1woody1_sparc.deb
http://security.debian.org/pool/updates/main/p/php3/php3_3.0.18-23.1woody1_sparc.deb

Debian Upgrade php3-cgi_3.0.18-23.1woody1_s390.deb
http://security.debian.org/pool/updates/main/p/php3/php3-cgi_3.0.18-23.1woody1_s390.deb

Debian Upgrade php3_3.0.18-23.1woody1_s390.deb
http://security.debian.org/pool/updates/main/p/php3/php3_3.0.18-23.1woody1_s390.deb

Debian Upgrade php3-cgi_3.0.18-23.1woody1_powerpc.deb
http://security.debian.org/pool/updates/main/p/php3/php3-cgi_3.0.18-23.1woody1_powerpc.deb

Debian Upgrade php3_3.0.18-23.1woody1_powerpc.deb
http://security.debian.org/pool/updates/main/p/php3/php3_3.0.18-23.1woody1_powerpc.deb

Debian Upgrade php3-cgi_3.0.18-23.1woody1_mipsel.deb
http://security.debian.org/pool/updates/main/p/php3/php3-cgi_3.0.18-23.1woody1_mipsel.deb

Debian Upgrade php3_3.0.18-23.1woody1_mipsel.deb
http://security.debian.org/pool/updates/main/p/php3/php3_3.0.18-23.1woody1_mipsel.deb

Debian Upgrade php3-cgi_3.0.18-23.1woody1_mips.deb
http://security.debian.org/pool/updates/main/p/php3/php3-cgi_3.0.18-23.1woody1_mips.deb

Debian Upgrade php3_3.0.18-23.1woody1_mips.deb
http://security.debian.org/pool/updates/main/p/php3/php3_3.0.18-23.1woody1_mips.deb

Debian Upgrade php3-cgi_3.0.18-23.1woody1_m68k.deb
http://security.debian.org/pool/updates/main/p/php3/php3-cgi_3.0.18-23.1woody1_m68k.deb

Debian Upgrade php3_3.0.18-23.1woody1_m68k.deb
http://security.debian.org/pool/updates/main/p/php3/php3_3.0.18-23.1woody1_m68k.deb

Debian Upgrade php3-cgi_3.0.18-23.1woody1_hppa.deb
http://security.debian.org/pool/updates/main/p/php3/php3-cgi_3.0.18-23.1woody1_hppa.deb

Debian Upgrade php3_3.0.18-23.1woody1_hppa.deb
http://security.debian.org/pool/updates/main/p/php3/php3_3.0.18-23.1woody1_hppa.deb

Debian Upgrade php3-cgi_3.0.18-23.1woody1_ia64.deb
http://security.debian.org/pool/updates/main/p/php3/php3-cgi_3.0.18-23.1woody1_ia64.deb

Debian Upgrade php3_3.0.18-23.1woody1_ia64.deb
http://security.debian.org/pool/updates/main/p/php3/php3_3.0.18-23.1woody1_ia64.deb

Debian Upgrade php3-cgi_3.0.18-23.1woody1_i386.deb
http://security.debian.org/pool/updates/main/p/php3/php3-cgi_3.0.18-23.1woody1_i386.deb

Debian Upgrade php3_3.0.18-23.1woody1_i386.deb
http://security.debian.org/pool/updates/main/p/php3/php3_3.0.18-23.1woody1_i386.deb

Debian Upgrade php3-cgi_3.0.18-23.1woody1_arm.deb
http://security.debian.org/pool/updates/main/p/php3/php3-cgi_3.0.18-23.1woody1_arm.deb

Debian Upgrade php3_3.0.18-23.1woody1_arm.deb
http://security.debian.org/pool/updates/main/p/php3/php3_3.0.18-23.1woody1_arm.deb

Debian Upgrade php3-cgi_3.0.18-23.1woody1_alpha.deb
http://security.debian.org/pool/updates/main/p/php3/php3-cgi_3.0.18-23.1woody1_alpha.deb

Debian Upgrade php3_3.0.18-23.1woody1_alpha.deb
http://security.debian.org/pool/updates/main/p/php3/php3_3.0.18-23.1woody1_alpha.deb

Debian Upgrade php3-cgi_3.0.18-0potato1.2_sparc.deb
http://security.debian.org/pool/updates/main/p/php3/php3-cgi_3.0.18-0potato1.2_sparc.deb

Debian Upgrade php3_3.0.18-0potato1.2_sparc.deb
http://security.debian.org/pool/updates/main/p/php3/php3_3.0.18-0potato1.2_sparc.deb

Debian Upgrade php3-cgi_3.0.18-0potato1.2_powerpc.deb
http://security.debian.org/pool/updates/main/p/php3/php3-cgi_3.0.18-0potato1.2_powerpc.deb

Debian Upgrade php3_3.0.18-0potato1.2_powerpc.deb
http://security.debian.org/pool/updates/main/p/php3/php3_3.0.18-0potato1.2_powerpc.deb

Debian Upgrade php3-cgi_3.0.18-0potato1.2_m68k.deb
http://security.debian.org/pool/updates/main/p/php3/php3-cgi_3.0.18-0potato1.2_m68k.deb

Debian Upgrade php3_3.0.18-0potato1.2_m68k.deb
http://security.debian.org/pool/updates/main/p/php3/php3_3.0.18-0potato1.2_m68k.deb

Debian Upgrade php3-cgi_3.0.18-0potato1.2_i386.deb
http://security.debian.org/pool/updates/main/p/php3/php3-cgi_3.0.18-0potato1.2_i386.deb

Debian Upgrade php3_3.0.18-0potato1.2_i386.deb
http://security.debian.org/pool/updates/main/p/php3/php3_3.0.18-0potato1.2_i386.deb

References

Source: REDHAT
Name: RHSA-2002:213
Link: http://www.redhat.com/support/errata/RHSA-2002-213.html

Source: DEBIAN
Name: DSA-168
Link: http://www.debian.org/security/2002/dsa-168

Source: XF
Name: php-mail-safemode-bypass(9966)
Link: http://xforce.iss.net/xforce/xfdb/9966

Source: BUGTRAQ
Name: 20020823 PHP: Bypass safe_mode and inject ASCII control chars with mail()
Link: http://marc.theaimsgroup.com/?l=bugtraq&m=103011916928204&w=2

Source: REDHAT
Name: RHSA-2003:159
Link: http://www.redhat.com/support/errata/RHSA-2003-159.html

Source: REDHAT
Name: RHSA-2002:248
Link: http://www.redhat.com/support/errata/RHSA-2002-248.html

Source: REDHAT
Name: RHSA-2002:244
Link: http://www.redhat.com/support/errata/RHSA-2002-244.html

Source: REDHAT
Name: RHSA-2002:243
Link: http://www.redhat.com/support/errata/RHSA-2002-243.html

Source: REDHAT
Name: RHSA-2002:214
Link: http://www.redhat.com/support/errata/RHSA-2002-214.html

Source: OSVDB
Name: 2111
Link: http://www.osvdb.org/2111

Source: SUSE
Name: SuSE-SA:2002:036
Link: http://www.novell.com/linux/security/advisories/2002_036_modphp4.html

Source: MANDRAKE
Name: MDKSA-2003:082
Link: http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:082

Source: BUGTRAQ
Name: 20030707 [OpenPKG-SA-2003.032] OpenPKG Security Advisory (php)
Link: http://marc.theaimsgroup.com/?l=bugtraq&m=105760591228031&w=2

Source: CONECTIVA
Name: CLA-2002:545
Link: http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000545

Source: CALDERA
Name: CSSA-2003-008.0
Link: ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2003-008.0.txt
