
Debian Bug report logs - #368592
php4: CVE-2006-1014 and CVE-2006-1015: argument injection in mb_send_mail function

Package: php4; Maintainer for php4 is (unknown);

Reported by: Alec Berryman <alec@thened.net>

Date: Tue, 23 May 2006 11:48:09 UTC

Severity: important

Tags: security

Done: sean finney <seanius@seanius.net>

Bug is archived. No further changes may be made.



Report forwarded to debian-bugs-dist@lists.debian.org, Debian Security Team <team@security.debian.org>, Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>:
Bug#368592; Package php4. (full text, mbox, link).


Acknowledgement sent to Alec Berryman <alec@thened.net>:
New Bug report received and forwarded. Copy sent to Debian Security Team <team@security.debian.org>, Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>. (full text, mbox, link).


Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: Alec Berryman <alec@thened.net>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: php4: CVE-2006-1014 and CVE-2006-1015: argument injection in mb_send_mail function
Date: Tue, 23 May 2006 12:44:36 +0100
Package: php4
Severity: important
Tags: security

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

CVE-2006-1014: "Argument injection vulnerability in certain PHP 4.x and
5.x applications, when used with sendmail and when accepting remote
input for the additional_parameters argument to the mb_send_mail
function, allows context-dependent attackers to read and create
arbitrary files by providing extra -C and -X arguments to sendmail.
NOTE: it could be argued that this is a class of technology-specific
vulnerability, instead of a particular instance; if so, then this
should not be included in CVE."

CVE-2006-1015: "Argument injection vulnerability in certain PHP 3.x,
4.x, and 5.x applications, when used with sendmail and when accepting
remote input for the additional_parameters argument to the mail
function, allows remote attackers to read and create arbitrary files via
the sendmail -C and -X arguments. NOTE: it could be argued that this is
a class of technology-specific vulnerability, instead of a particular
instance; if so, then this should not be included in CVE."

This likely also affects php4 in sarge and woody.  Advisory
SUSE-SA:2006:024 claims to have fixed this vulnerability.  I cannot
find a record of it being fixed upstream.

Please mention the CVE in your changelog.

Thanks,

Alec

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)

iD8DBQFEcvWkAud/2YgchcQRAuAsAJ9B0pDZtgQXJE1b1YolsGJoZ+/otwCgsgRP
Rc1hOQZFFCNtA7wOjQjpYbI=
=NyeY
-----END PGP SIGNATURE-----
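The two CVE descriptions above boil down to one pattern: request data reaching the additional_parameters argument of mail() or mb_send_mail(), and from there sendmail's argument vector. The following is an added example, not code from the bug report or from the php4 package, showing the vulnerable pattern beside a hardened wrapper that only ever emits a fixed -f option with a validated address. It assumes a modern PHP interpreter and that the application needs nothing but the envelope sender; the addresses and inputs in the self-check are constructed sample values.

```php
<?php
// Added example (not part of the Debian bug report): hardening the
// additional_parameters argument of mb_send_mail() against argument injection.
//
// Assumptions (not stated on the page): the application only needs to set the
// envelope sender (sendmail -f); all addresses below are constructed samples.

/**
 * Build additional_parameters from a validated envelope sender.
 * Returns null when the caller's value must not reach sendmail at all.
 */
function safeSendmailParams(string $envelopeSender): ?string
{
    // A plain mailbox address contains no whitespace, no leading dash and no
    // shell metacharacters, so a second option such as -C or -X cannot ride
    // along on the same string.
    if (filter_var($envelopeSender, FILTER_VALIDATE_EMAIL) === false) {
        return null;
    }
    if (!preg_match('/^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}$/', $envelopeSender)) {
        return null;
    }
    // The option letter is chosen by the code, never by the request.
    return '-f' . $envelopeSender;
}

/**
 * Vulnerable pattern described by CVE-2006-1014/1015: whatever the request
 * supplies is handed to sendmail as extra command-line arguments.
 */
function sendVulnerable(string $to, string $subject, string $body, string $extraFromRequest): bool
{
    return mb_send_mail($to, $subject, $body, '', $extraFromRequest);
}

/**
 * Hardened pattern: only an allowlisted "-f<address>" is ever passed through.
 */
function sendHardened(string $to, string $subject, string $body, string $envelopeSender): bool
{
    $params = safeSendmailParams($envelopeSender);
    if ($params === null) {
        // Log and refuse rather than silently sending with no sender option.
        error_log('rejected envelope sender: ' . var_export($envelopeSender, true));
        return false;
    }
    return mb_send_mail($to, $subject, $body, '', $params);
}

// Constructed inputs for a quick self-check from the CLI (no mail is sent).
$cases = [
    'bounces@example.com'            => '-fbounces@example.com',
    'bounces@example.com -X/tmp/log' => null,   // trailing option: rejected
    '-C/tmp/alt.cf'                  => null,   // not an address: rejected
    "a@example.com\n-X/tmp/x"        => null,   // embedded newline: rejected
];
foreach ($cases as $input => $expected) {
    $got = safeSendmailParams($input);
    printf("%-40s => %s\n", var_export($input, true), $got === $expected ? 'ok' : 'MISMATCH');
}
```

The important design choice is that the wrapper never escapes and forwards the caller's string; it validates the one value it actually needs and constructs the sendmail option itself. Escaping alone is not enough here, because the issue is not shell metacharacters but additional, perfectly well-formed sendmail options.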



Bug closed, send any further explanations to Alec Berryman <alec@thened.net>. Request was from sean finney <seanius@seanius.net> to control@bugs.debian.org. (full text, mbox, link).


Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Mon, 18 Jun 2007 23:55:42 GMT) (full text, mbox, link).




Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 15:37:24 2019; Machine Name: buxtehude
