Dotdeb PHP PHP_Self Path_Info Email Header Injection Vulnerability
BID:21075
Info
| Bugtraq ID: | 21075 |
| Class: | Input Validation Error |
| CVE: | CVE-2006-7087 |
| Remote: | Yes |
| Local: | No |
| Published: | Nov 14 2006 12:00AM |
| Updated: | Jul 06 2016 02:40PM |
| Credit: | Stefan Esser is credited with the discovery of this issue. |
| Vulnerable: | Dotdeb PHP 5.2, 5.1, 5.0, 4.4.4, 4.4.3, 4.4 |
| Not Vulnerable: | Dotdeb PHP 5.2 Rev 3, Dotdeb PHP 4.4.4 Rev 1 |
Discussion
Dotdeb PHP is prone to an email-header-injection vulnerability because it fails to sanitize request-derived input when constructing email messages: the value of PHP_SELF, which carries the attacker-controlled PATH_INFO portion of the request path, is placed into a mail header without carriage-return or line-feed characters being removed.
Exploiting this issue allows a remote attacker to terminate that header with an encoded line break (for example %0a in the request path) and append arbitrary headers of their own, such as additional recipients, and so to relay spam from the affected computer through any script on it that sends mail.
The flaw is in the Dotdeb packaging of PHP; the fixed versions are Dotdeb package revisions of the same upstream releases.
Dotdeb PHP4 packages prior to 4.4.4 rev 1 (4.4.4-0.dotdeb.1) are vulnerable.
Dotdeb PHP5 packages prior to 5.2.0 rev 3 (5.2.0-0.dotdeb.3) are vulnerable.
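The mechanism described above, as an added example that is not code from this page, from Dotdeb or from PHP: a request path whose PATH_INFO carries an encoded line feed, a naive header builder that splices the derived PHP_SELF into a mail header (the header name X-PHP-Script, the server name and the client address are assumed for illustration), the same builder hardened to reject control characters, and a scan over constructed access-log lines that flags encoded line breaks in the path component, which is the check a defender can run against existing logs.

```python
"""
Email header injection through PATH_INFO: vulnerable builder, hardened builder,
and a log scan. Added example; header name, hostnames, addresses and the log
format are assumptions, and all sample data below is constructed.
"""
import re
from urllib.parse import unquote

# Any ASCII control character (CR and LF included) has no business in a header value.
CONTROL_CHARS = re.compile(r"[\x00-\x1f\x7f]")
# Percent-encoded or literal line breaks inside a request path, as written to an access log.
ENCODED_BREAK = re.compile(r"%0[ad]|[\r\n]", re.IGNORECASE)


def php_self_from_request_path(request_path: str) -> str:
    """Approximate how PHP_SELF is derived: the percent-decoded script path plus PATH_INFO.
    Assumption: the query string is dropped and everything else is decoded."""
    return unquote(request_path.split("?", 1)[0])


def build_script_header_vulnerable(server_name: str, php_self: str, remote_addr: str) -> str:
    """Naive construction: PHP_SELF is concatenated unchanged, so a LF inside it
    ends the header line and whatever follows is read as a new header."""
    return f"X-PHP-Script: {server_name}{php_self} for {remote_addr}\n"


def build_script_header_fixed(server_name: str, php_self: str, remote_addr: str) -> str:
    """Hardened construction: refuse control characters instead of trying to escape them."""
    for value in (server_name, php_self, remote_addr):
        if CONTROL_CHARS.search(value):
            raise ValueError("control character in header component")
    return f"X-PHP-Script: {server_name}{php_self} for {remote_addr}\n"


def parse_headers(block: str) -> list[tuple[str, str]]:
    """Split a header block the way a mail transport would: one 'Name: value' per line."""
    headers = []
    for line in block.splitlines():
        if line:
            name, _, value = line.partition(":")
            headers.append((name.strip(), value.strip()))
    return headers


def injected_header_names(request_path: str, server_name: str = "www.example.test",
                          remote_addr: str = "203.0.113.5") -> list[str]:
    """Header names a mail transport would see from the vulnerable builder for this request."""
    php_self = php_self_from_request_path(request_path)
    return [name for name, _ in parse_headers(
        build_script_header_vulnerable(server_name, php_self, remote_addr))]


def is_rejected_by_fix(request_path: str, server_name: str = "www.example.test",
                       remote_addr: str = "203.0.113.5") -> bool:
    """True when the hardened builder refuses the PHP_SELF derived from this request."""
    try:
        build_script_header_fixed(server_name, php_self_from_request_path(request_path), remote_addr)
    except ValueError:
        return True
    return False


def suspicious_log_lines(log_lines: list[str]) -> list[str]:
    """Flag access-log entries whose path component (query string excluded, since PHP_SELF
    does not carry it) contains an encoded line break. Assumption: Common Log Format."""
    flagged = []
    for line in log_lines:
        m = re.search(r'"(?:GET|POST|HEAD) (\S+) HTTP/', line)
        if m and ENCODED_BREAK.search(m.group(1).split("?", 1)[0]):
            flagged.append(line)
    return flagged


# Constructed requests: a benign PATH_INFO, and one that smuggles a Bcc header.
BENIGN_PATH = "/contact.php/page/2"
ATTACK_PATH = "/contact.php/%0aBcc:victim@example.test"

# Constructed access-log lines, not real traffic.
SAMPLE_LOG = [
    '198.51.100.7 - - [14/Nov/2006:10:00:01 +0000] "GET /contact.php/page/2 HTTP/1.1" 200 512',
    '198.51.100.9 - - [14/Nov/2006:10:00:05 +0000] "POST /contact.php/%0ABcc:victim@example.test HTTP/1.1" 200 133',
    '198.51.100.9 - - [14/Nov/2006:10:00:06 +0000] "GET /index.php?x=%0d%0a HTTP/1.1" 200 90',
]

if __name__ == "__main__":
    print("vulnerable builder, benign request:", injected_header_names(BENIGN_PATH))
    print("vulnerable builder, attack request:", injected_header_names(ATTACK_PATH))
    print("hardened builder rejects attack request:", is_rejected_by_fix(ATTACK_PATH))
    for line in suspicious_log_lines(SAMPLE_LOG):
        print("flagged:", line)
```

The third log line carries an encoded line break only in the query string, which PHP_SELF does not include, so the scan leaves it alone; widen the check if the deployment also builds headers from query parameters.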
Exploit / POC
Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected]
Solution / Fix
Solution:
The vendor has released updated packages that address this issue. Please see the vendor references for more information.

Dotdeb PHP 4.4, 4.4.3, 4.4.4:
- Dotdeb php4_4.4.4-0.dotdeb.1.diff.gz
  http://packages.dotdeb.org/dists/stable/php4/source/php4_4.4.4-0.dotdeb.1.diff.gz

Dotdeb PHP 5.0, 5.1, 5.2:
- Dotdeb php5_5.2.0-0.dotdeb.3.diff.gz
  http://packages.dotdeb.org/dists/stable/php5/source/php5_5.2.0-0.dotdeb.3.diff.gz
References
References:
- Vendor Homepage (Dotdeb)
- Advisory 14/2006: Dotdeb PHP Email Header Injection Vulnerability (Marcello Barnaba)
- Dotdeb PHP Email Header Injection Vulnerability (Stefan Esser)