Summary: | <dev-php/PEAR-Mail-1.2.0: Argument Injection (CVE-2009-{4023,4111}) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Alex Legler (RETIRED) <a3li> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | grknight, php-bugs |
Priority: | High | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://pear.php.net/bugs/bug.php?id=16200 | ||
Whiteboard: | B2 [glsa] | ||
Package list: | | Runtime testing required: | ---
Bug Depends on: | 349318 | | |
Bug Blocks: | | | |
Description
Alex Legler (RETIRED)
2009-11-23 18:26:29 UTC
Raphael Geissert stated on the upstream bug ($URL) that the fix is not complete. This is contrary to Secunia's advisory. PHP, please wait for a new release or apply a patch as seen in that bug report.

CVE-2009-4023 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4023):
Argument injection vulnerability in the sendmail implementation of the Mail::Send method (Mail/sendmail.php) in the Mail package 1.1.14 for PEAR allows remote attackers to read and write arbitrary files via a crafted $from parameter, a different vector than CVE-2009-4111.

CVE-2009-4111 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4111):
Argument injection vulnerability in Mail/sendmail.php in the Mail package 1.1.14, 1.2.0b2, and possibly other versions for PEAR allows remote attackers to read and write arbitrary files via a crafted $recipients parameter, and possibly other parameters, a different vulnerability than CVE-2009-4023.

I added PEAR-Mail-1.2.0_beta5 to the tree, not sure if it covers the security bug or not. On their tracker, I only saw one instance of a security bug mentioned since the affected version: http://pear.php.net/bugs/bug.php?id=16200

PEAR-Mail 1.20 has been released and contains this in the ChangeLog:
Bug #16200 - Security hole allow to read/write Arbitrary File
Release date: 2010-03-01 12:47 UTC

I would call the upstream part done

Ebuild in CVS. Feel free to call stable

(In reply to comment #5)
> Ebuild in CVS. Feel free to call stable
>
Thank you. Arches, please test and mark stable: =dev-php/PEAR-Mail-1.2.0
Target keywords : "alpha amd64 arm hppa ia64 ppc ppc64 s390 sh sparc x86"

amd64 ok

amd64 done. Thanks Agostino

x86 stable

Stable on alpha.

arm/ia64/s390/sh/sparc stable

Stable for HPPA.

stable for ppc64.

ppc stable, last arch done

GLSA request filed.

This issue was resolved and addressed in GLSA 201412-09 at http://security.gentoo.org/glsa/glsa-201412-09.xml by GLSA coordinator Sean Amoss (ackle).
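The two CVE descriptions above name the bug class (argument injection through the $from and $recipients parameters of the sendmail backend) but not the shape of the flaw. The following is an added example, written for this page and not code from PEAR Mail, Gentoo or the upstream bug report: it models a sendmail backend that builds the command line by string concatenation, beside a hardened variant that validates each address and quotes it with escapeshellarg(). The sendmail path, the "-i -f<from> -- <recipients>" layout, the "-Z" option name used as the injected token, and the shell_words() tokenizer (an approximation of how /bin/sh splits a command into argv) are all assumptions of this example; which real sendmail options turn an injected argument into a file read or write is not discussed on this page and is not shown here.

```php
<?php
// Added example: argument injection in a shell-invoked sendmail backend.
// Not PEAR Mail's code; the command layout and sendmail path are assumed.

const SENDMAIL_PATH = '/usr/sbin/sendmail'; // assumed path
const SENDMAIL_ARGS = '-i';                 // assumed default arguments

// Vulnerable pattern: caller-controlled $from and $recipients are pasted
// into the shell command unquoted, so whitespace inside them ends one
// argument and starts another.
function build_command_vulnerable(string $from, string $recipients): string
{
    return SENDMAIL_PATH . ' ' . SENDMAIL_ARGS . ' -f' . $from . ' -- ' . $recipients;
}

// Only accept something that looks like a bare address. The leading '-'
// check is defence in depth: a value that starts with '-' could be parsed
// as an option wherever it ends up as its own argv element.
function is_safe_address(string $addr): bool
{
    return preg_match('/^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+$/', $addr) === 1
        && $addr[0] !== '-';
}

// Hardened pattern: validate every address, then quote each one so the
// shell passes it through as exactly one argv element.
function build_command_hardened(string $from, string $recipients): string
{
    if (!is_safe_address($from)) {
        throw new InvalidArgumentException("Invalid From address: $from");
    }
    $quoted = [];
    foreach (preg_split('/[\s,]+/', $recipients, -1, PREG_SPLIT_NO_EMPTY) as $rcpt) {
        if (!is_safe_address($rcpt)) {
            throw new InvalidArgumentException("Invalid recipient: $rcpt");
        }
        $quoted[] = escapeshellarg($rcpt);
    }
    return SENDMAIL_PATH . ' ' . SENDMAIL_ARGS . ' -f' . escapeshellarg($from)
        . ' -- ' . implode(' ', $quoted);
}

// Approximation of /bin/sh word splitting: whitespace separates words,
// single quotes group, backslash escapes the next character outside quotes.
function shell_words(string $cmd): array
{
    $words = [];
    $cur = '';
    $inWord = false;
    $quoted = false;
    $n = strlen($cmd);
    for ($i = 0; $i < $n; $i++) {
        $c = $cmd[$i];
        if ($quoted) {
            if ($c === "'") { $quoted = false; } else { $cur .= $c; }
        } elseif ($c === "'") {
            $quoted = true;
            $inWord = true;
        } elseif ($c === '\\' && $i + 1 < $n) {
            $cur .= $cmd[++$i];
            $inWord = true;
        } elseif (ctype_space($c)) {
            if ($inWord) { $words[] = $cur; $cur = ''; $inWord = false; }
        } else {
            $cur .= $c;
            $inWord = true;
        }
    }
    if ($inWord) { $words[] = $cur; }
    return $words;
}

// Constructed inputs. "-Zinjected" stands in for any option an attacker
// might want sendmail to see; it is a placeholder, not a real sendmail flag.
$attackerFrom = 'user@example.com -Zinjected';
$recipients   = 'victim@example.org';

echo "Vulnerable argv:\n";
print_r(shell_words(build_command_vulnerable($attackerFrom, $recipients)));

echo "Hardened, same input:\n";
try {
    build_command_hardened($attackerFrom, $recipients);
} catch (InvalidArgumentException $e) {
    echo 'rejected: ' . $e->getMessage() . "\n";
}

echo "Hardened, clean input argv:\n";
print_r(shell_words(build_command_hardened('user@example.com', $recipients)));
```

Running this shows the injected token from the crafted $from appearing as its own argv element in the vulnerable command, while the hardened builder rejects the value before any command is formed; with a clean address the quoted form yields one argv element per address. Quoting alone is not enough if the address is ever passed as a separate argument (for example "-f" and the address as two words), which is why the validation step also refuses values beginning with '-'. The same check applies to $recipients, the vector of CVE-2009-4111.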