PHP ftp_putcmd Function CRLF Injection

2007-03-23T09:57:17
ID OSVDB:34672
Type osvdb
Reporter OSVDB
Modified 2007-03-23T09:57:17

Description

Vulnerability Description

PHP contains a flaw that may allow a remote attacker to manipulate FTP commands. The issue is due to the ftp_putcmd function not properly sanitizing user-supplied input. By passing CRLF (newline) characters to FTP commands, it is possible to manipulate input to inject arbitrary FTP commands.

Solution Description

Upgrade to version 5.2.2, 4.4.7 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Short Description

PHP contains a flaw that may allow a remote attacker to manipulate FTP commands. The issue is due to the ftp_putcmd function not properly sanitizing user-supplied input. By passing CRLF (newline) characters to FTP commands, it is possible to manipulate input to inject arbitrary FTP commands.

References:

Vendor URL: http://www.php.net/ Vendor Specific News/Changelog Entry: http://us2.php.net/releases/4_4_7.php Vendor Specific News/Changelog Entry: http://us2.php.net/releases/5_2_2.php Secunia Advisory ID:25660 Secunia Advisory ID:25318 Secunia Advisory ID:26967 Secunia Advisory ID:25365 Secunia Advisory ID:25372 Secunia Advisory ID:25445 Secunia Advisory ID:26048 Secunia Advisory ID:27351 Secunia Advisory ID:25255 Secunia Advisory ID:25816 RedHat RHSA: RHSA-2007:0888 RedHat RHSA: RHSA-2007:0889 Other Advisory URL: http://lists.debian.org/debian-security-announce/debian-security-announce-2007/msg00052.html Other Advisory URL: http://lists.debian.org/debian-security-announce/debian-security-announce-2007/msg00054.html Other Advisory URL: http://www.ubuntu.com/usn/usn-462-1 Other Advisory URL: http://lists.opensuse.org/opensuse-security-announce/2007-07/msg00006.html Other Advisory URL: http://support.avaya.com/elmodocs2/security/ASA-2007-231.htm Other Advisory URL: http://www.gentoo.org/security/en/glsa/glsa-200705-19.xml Other Advisory URL: http://www.novell.com/support/search.do?cmd=displayKC&docType=kc&externalId=http--supportnovellcom-techcenter-psdb-3e349d7efffdfecc96ca44f446d1b2c4html&sliceId=&dialogID=38853114&stateId=0%200%2038851668 Other Advisory URL: http://www.trustix.org/errata/2007/0017/ Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2007-03/0319.html CVE-2007-2509 Bugtraq ID: 23818