Forum - Computer security: vulnerabilities and exploits database

[EN] securityvulns.ru
no-pyccku

PHP mail() function invalid characters processing
Published: 29.03.2007
Source: PHP-SECURITY
SecurityVulns ID: 7491
Type: library
Level: 5/10
Description: Unfiltered \r\n and \0 characters allows strings injection and header truncation.

Affected: PHP : PHP 4.4
PHP : PHP 5.2
CVE: CVE-2007-1718 (CRLF injection vulnerability in the mail function in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 allows remote attackers to inject arbitrary e-mail headers and possibly conduct spam attacks via a control character immediately following folding of the (1) Subject or (2) To parameter, as demonstrated by a parameter containing a "\r\n\t\n" sequence, related to an increment bug in the SKIP_LONG_HEADER_SEP macro.)
CVE-2007-1717 (The mail function in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 truncates e-mail messages at the first ASCIIZ ('\0') byte, which might allow context-dependent attackers to prevent intended information from being delivered in e-mail messages. NOTE: this issue might be security-relevant in cases when the trailing contents of e-mail messages are important, such as logging information or if the message is expected to be well-formed.)

Original document PHP-SECURITY, MOPB-34-2007:PHP mail() Header Injection Through Subject and To Parameters (29.03.2007)

PHP-SECURITY, MOPB-33-2007:PHP mail() Message ASCIIZ Byte Truncation (29.03.2007)

Discuss: Read or add your comments to this news (0 comments)

Show		Threads
		Messages


Login:*		(Register)
Password:*
(private)	To:
(reply)	Subject:*
Text:

Main Forum (Eng) General security questions not appropriate for another forums.	3proxy Forum (Eng) All 3proxy question must be posted to this forum.	Bugs, Vulnerabilities, PoCs and Exploits (Eng) All vulnerability related questions, vulnerability digging and exploit creation.	Windows programming and administration (Eng) Administering Windows and application development.	Unix programming and administation (Eng) Administering Unix and application development.	Test forum Please post all test messages here. All test messages from different forums will be deteted.
Main Forum (Rus)	3proxy Forum (Rus)	Bugs, Vulnerabilities, PoCs and Exploits (Rus)	Windows programming and administration (Rus)	Unix programming and administation (Rus)