PHP :: Bug #12178 :: ext/standard/mail.c insecurity

Bug #12178	ext/standard/mail.c insecurity
Submitted:	2001-07-15 13:14 UTC	Modified:	2001-11-30 04:26 UTC
From:	sintes at nfrance dot com	Assigned:
Status:	Closed	Package:	Mail related
PHP Version:	4.0.6	OS:	All UNIX
Private report:	No	CVE-ID:	None

View Add Comment Developer Edit

Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.

php.net Username: php.net Password:

Quick Fix:	(description)
	Block user comment
Status:		Assign to:
Package:
Bug Type:
Summary:
From:	sintes at nfrance dot com
New email:
PHP Version:		OS:

New/Additional Comment:

[2001-07-15 13:14 UTC] sintes at nfrance dot com

ext/standard/mail.c is potentialy insecure.

>extra_cmd = (*argv[4])->value.str.val;
>strcat (sendmail_cmd, extra_cmd);
>sendmail = popen(sendmail_cmd, "w");

So it is possible to use extra_cmd to gain shell access.

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports

[2001-11-30 04:26 UTC] derick@php.net

This was fixed a long time ago. (on 2001/07/05 08:47:37)

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Wed Apr 24 01:01:31 2024 UTC