PHP mail() command Arbitrary Remote File Access

2001-06-12T00:00:00
ID OSVDB:5440
Type osvdb
Reporter Joost Pol(joost@contempt.nl)
Modified 2001-06-12T00:00:00

Description

Vulnerability Description

PHP contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when an extra 5th parameter was added to the mail() command breaking safemode, which will disclose information accessible by the webserver account resulting in a loss of confidentiality.

Solution Description

Upgrade to version 4.12 or higher, as it has been reported to fix this vulnerability. It is also possible to correct the flaw by implementing the following workaround(s): Change the ini setting error_log. Disallow setting of ini variables in safemode

Short Description

PHP contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when an extra 5th parameter was added to the mail() command breaking safemode, which will disclose information accessible by the webserver account resulting in a loss of confidentiality.

References:

Vendor URL: http://www.phpbuilder.com/lists/php-developer-list/2001071/0062.php RedHat RHSA: RHSA-2002:035-18 Other Advisory URL: http://icat.nist.gov/icat.cfm?cvename=CVE-2001-1247 Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2001-07/0003.html Keyword: spawn shell Keyword: suexec Keyword: unexepected access Keyword: httpd.conf Keyword: documentroot, Keyword: sendmail_cmd Keyword: provider config Keyword: customer access Keyword: shell Keyword: php.ini,breaks safe-mode Keyword: upload Keyword: web hosting Keyword: document_root CVE-2001-1247