PHP函数CRLF注入漏洞

漏洞信息详情

PHP函数CRLF注入漏洞

• CNNVD编号：CNNVD-200209-043
• 危害等级： 中危
  
  
• CVE编号：
  CVE-2002-0986
  
• 漏洞类型：
  
  
  输入验证
  
• 发布时间：
  
  2002-09-24
  
• 威胁类型：
  
  
  远程
  
• 更新时间：
  
  2005-10-12
  
• 厂        商：
  
  php
• 漏洞来源：
  Discovery of this …

PHP 4.x到4.2.2的邮件函数不能从他的参数过滤ASCII控制字符。远程攻击者修改包含邮件头的邮件消息目录和可能使用PHP作为“垃圾邮件代理”。

The vendor has made a source code fix available via the CVS repository.
Mandrake has released a new security advisory, (MDKSA-2003:082). Information on obtaining and applying fixes can be found in the referenced advisory.
OpenPKG has released a new security advisory, OpenPKG-SA-2003.032. Information on obtaining and applying fixes can be found in the referenced advisory.
Conectiva has released an advisory (CLA-2002:545) which contains fixes for this issue. Please see the attached advisory for further details on obtaining fixes.
RedHat has released a security advisory, RHSA-2002:213-06. Information on obtaining and applying fixes can be found in the referenced advisory.
HP has released an advisory for HP Secure OS, and has advised users to upgrade using the packages listed in Red Hat Security Advisory RHSA-2002:213-06.
Fixes available:
PHP PHP 3.0.18

• Debian php3_3.0.18-0potato1.2_alpha.deb
  
  http://security.debian.org/pool/updates/main/p/php3/php3_3.0.18-0potat
  o1.2_alpha.deb
• Debian php3_3.0.18-0potato1.2_arm.deb
  
  http://security.debian.org/pool/updates/main/p/php3/php3_3.0.18-0potat
  o1.2_arm.deb
• Debian php3_3.0.18-0potato1.2_i386.deb
  
  http://security.debian.org/pool/updates/main/p/php3/php3_3.0.18-0potat
  o1.2_i386.deb
• Debian php3_3.0.18-0potato1.2_m68k.deb
  
  http://security.debian.org/pool/updates/main/p/php3/php3_3.0.18-0potat
  o1.2_m68k.deb
• Debian php3_3.0.18-0potato1.2_powerpc.deb
  
  http://security.debian.org/pool/updates/main/p/php3/php3_3.0.18-0potat
  o1.2_powerpc.deb
• Debian php3_3.0.18-0potato1.2_sparc.deb
  
  http://security.debian.org/pool/updates/main/p/php3/php3_3.0.18-0potat
  o1.2_sparc.deb
• Debian php3_3.0.18-23.1woody1_alpha.deb
  
  http://security.debian.org/pool/updates/main/p/php3/php3_3.0.18-23.1wo
  ody1_alpha.deb
• Debian php3_3.0.18-23.1woody1_arm.deb
  
  http://security.debian.org/pool/updates/main/p/php3/php3_3.0.18-23.1wo
  ody1_arm.deb
• Debian php3_3.0.18-23.1woody1_hppa.deb
  
  http://security.debian.org/pool/updates/main/p/php3/php3_3.0.18-23.1wo
  ody1_hppa.deb
• Debian php3_3.0.18-23.1woody1_i386.deb
  
  http://security.debian.org/pool/updates/main/p/php3/php3_3.0.18-23.1wo
  ody1_i386.deb
• Debian php3_3.0.18-23.1woody1_ia64.deb
  
  http://security.debian.org/pool/updates/main/p/php3/php3_3.0.18-23.1wo
  ody1_ia64.deb
• Debian php3_3.0.18-23.1woody1_m68k.deb
  
  http://security.debian.org/pool/updates/main/p/php3/php3_3.0.18-23.1wo
  ody1_m68k.deb
• Debian php3_3.0.18-23.1woody1_mips.deb
  
  http://security.debian.org/pool/updates/main/p/php3/php3_3.0.18-23.1wo
  ody1_mips.deb
• Debian php3_3.0.18-23.1woody1_mipsel.deb
  
  http://security.debian.org/pool/updates/main/p/php3/php3_3.0.18-23.1wo
  ody1_mipsel.deb
• Debian php3_3.0.18-23.1woody1_powerpc.deb
  
  http://security.debian.org/pool/updates/main/p/php3/php3_3.0.18-23.1wo
  ody1_powerpc.deb
• Debian php3_3.0.18-23.1woody1_s390.deb
  
  http://security.debian.org/pool/updates/main/p/php3/php3_3.0.18-23.1wo
  ody1_s390.deb
• Debian php3_3.0.18-23.1woody1_sparc.deb
  
  http://security.debian.org/pool/updates/main/p/php3/php3_3.0.18-23.1wo
  ody1_sparc.deb

PHP PHP 4.0.3

• Debian php4-cgi_4.0.3pl1-0potato4_alpha.deb
  
  http://security.debian.org/pool/updates/main/p/php4/php4-cgi_4.0.3pl1-
  0potato4_alpha.deb
• Debian php4-cgi_4.0.3pl1-0potato4_i386.deb
  
  http://security.debian.org/pool/updates/main/p/php4/php4-cgi_4.0.3pl1-
  0potato4_i386.deb
• Debian php4-cgi_4.0.3pl1-0potato4_m68k.deb
  
  http://security.debian.org/pool/updates/main/p/php4/php4-cgi_4.0.3pl1-
  0potato4_m68k.deb
• Debian php4-cgi_4.0.3pl1-0potato4_powerpc.deb
  
  http://security.debian.org/pool/updates/main/p/php4/php4-cgi_4.0.3pl1-
  0potato4_powerpc.deb
• Debian php4-cgi_4.0.3pl1-0potato4_sparc.deb
  
  http://security.debian.org/pool/updates/main/p/php4/php4-cgi_4.0.3pl1-
  0potato4_sparc.deb
• Debian php4_4.0.3pl1-0potato4_alpha.deb
  
  http://security.debian.org/pool/updates/main/p/php4/php4_4.0.3pl1-0pot
  ato4_alpha.deb
• Debian php4_4.0.3pl1-0potato4_i386.deb
  
  http://security.debian.org/pool/updates/main/p/php4/php4_4.0.3pl1-0pot
  ato4_i386.deb
• Debian php4_4.0.3pl1-0potato4_m68k.deb
  
  http://security.debian.org/pool/updates/main/p/php4/php4_4.0.3pl1-0pot
  ato4_m68k.deb
• Debian php4_4.0.3pl1-0potato4_powerpc.deb
  
  http://security.debian.org/pool/updates/main/p/php4/php4_4.0.3pl1-0pot
  ato4_powerpc.deb
• Debian php4_4.0.3pl1-0potato4_sparc.deb
  
  http://security.debian.org/pool/updates/main/p/php4/php4_4.0.3pl1-0pot
  ato4_sparc.deb
• PHP url.cSource Code Patch from CVS.
  
  http://cvs.php.net/diff.php/php4/ext/standard/url.c?r1=1.51&r2=1.52&ty
  =u&Horde=0

PHP PHP 4.0.4

• PHP url.cSource Code Patch from CVS.
  

  参考网址

  来源:US-CERT Vulnerability Note: VU#410609
  名称: VU#410609
  链接:http://www.kb.cert.org/vuls/id/410609

  来源: BID
  名称: 5562
  链接:http://www.securityfocus.com/bid/5562

  来源: XF
  名称: php-mail-ascii-injection(9959)
  链接:http://xforce.iss.net/xforce/xfdb/9959

  来源: BUGTRAQ
  名称: 20020823 PHP: Bypass safe_mode and inject ASCII control chars with mail()
  链接:http://marc.theaimsgroup.com/?l=bugtraq&m=103011916928204&w=2

  来源: REDHAT
  名称: RHSA-2003:159
  链接:http://www.redhat.com/support/errata/RHSA-2003-159.html

  来源: REDHAT
  名称: RHSA-2002:248
  链接:http://www.redhat.com/support/errata/RHSA-2002-248.html

  来源: REDHAT
  名称: RHSA-2002:244
  链接:http://www.redhat.com/support/errata/RHSA-2002-244.html

  来源: REDHAT
  名称: RHSA-2002:243
  链接:http://www.redhat.com/support/errata/RHSA-2002-243.html

  来源: REDHAT
  名称: RHSA-2002:214
  链接:http://www.redhat.com/support/errata/RHSA-2002-214.html

  来源: REDHAT
  名称: RHSA-2002:213
  链接:http://www.redhat.com/support/errata/RHSA-2002-213.html

  来源: OSVDB
  名称: 2160
  链接:http://www.osvdb.org/2160

  来源: SUSE
  名称: SuSE-SA:2002:036
  链接:http://www.novell.com/linux/security/advisories/2002_036_modphp4.html

  来源: MANDRAKE
  名称: MDKSA-2003:082
  链接:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:082

  来源: DEBIAN
  名称: DSA-168
  链接:http://www.debian.org/security/2002/dsa-168

  来源: BUGTRAQ
  名称: 20030707 [OpenPKG-SA-2003.032] OpenPKG Security Advisory (php)
  链接:http://marc.theaimsgroup.com/?l=bugtraq&m=105760591228031&w=2

  来源: CONECTIVA
  名称: CLA-2002:545
  链接:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000545

  来源: CALDERA
  名称: CSSA-2003-008.0
  链接:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2003-008.0.txt