Re: [linux-security] php remote exploit (Debian)

[Martin Siegert <siegert@sfu.ca>]

On Wed, Sep 11, 2002 at 06:40:11PM -0700, Martin Siegert wrote:
> On Fri, Aug 23, 2002 at 03:36:50PM -0700, Martin Siegert wrote:
> > Topic
> > =====
> > PHP versions earlier than 4.1.0 contain a vulnerability that could allow
> > arbitrary commands to be executed.
> > 
> > Problem Description
> > ===================
> > PHP is an HTML-embedded scripting language commonly used with Apache. PHP
> > versions 4.0.5 through 4.1.0 in safe mode do not properly cleanse
> > the 5th parameter to the mail() function. This vulnerability allows local
> > users and possibly remote attackers to execute arbitrary commands via shell
> > metacharacters.
> > 
> > Affected Systems
> > ================
> > php versions between 4.0.5 to 4.1.0 (both included)
> > 
> > Solution
> > ========
> > upgrade to version 4.1.1 or later (or patched version for your distribution).

Debian 2.2 (potato)
-------------------
upgrade to php3_3.0.18-0potato1.2_i386.deb,
           php3-cgi_3.0.18-0potato1.2_i386.deb,
           php4_4.0.3pl1-0potato4_i386.deb,
           php4-cgi_4.0.3pl1-0potato4_i386.deb

Debian 3.0 (woody)
------------------
upgrade to php3_3.0.18-23.1woody1_i386.deb,
           php3-cgi_3.0.18-23.1woody1_i386.deb,
           caudium-php4_4.1.2-5_i386.deb,
           php4_4.1.2-5_i386.deb,
           php4-cgi_4.1.2-5_i386.deb