php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Sec Bug #75505 pfsockopen may cause a security problem
Submitted: 2017-11-09 03:18 UTC Modified: 2018-01-15 13:31 UTC
From: zhihua dot yao at dbappsecurity dot com dot cn Assigned:
Status: Duplicate Package: *Network Functions
PHP Version: 7.1.11 OS: *
Private report: No CVE-ID: 2017-7272
 [2017-11-09 03:18 UTC] zhihua dot yao at dbappsecurity dot com dot cn
Description:
------------
This bug is related to bug#74216,but they are not the same function.It may cause ssrf vulnerability in Web Application.

Test script:
---------------
<?php

$fp = pfsockopen("192.168.75.183:8000", 443);


Expected result:
----------------
It will accept from 443.

Actual result:
--------------


hjy@ubuntu:~$ nc -lvv 8000
Listening on [0.0.0.0] (family 0, port 8000)
Connection from [192.168.75.183] port 8000 [tcp/*] accepted (family 2, sport 53352)


Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2017-11-09 16:00 UTC] johannes@php.net
-Status: Open +Status: Duplicate
 [2017-11-09 16:00 UTC] johannes@php.net
fsockopen and pfsockopen have the same implementation. A fix to #74216  will also fix this case.

bug #74216 has a longer discussion already.
 [2018-01-15 13:31 UTC] kaplan@php.net
-CVE-ID: +CVE-ID: 2017-7272
 [2018-02-28 22:13 UTC] contacto at agora-security dot com
Hello,

Has this issue been fixed?

It's not clear. I don't see any reference to CVE-2017-7272 in the Changelog:
http://www.php.net/ChangeLog-7.php

I saw that in version:
7.0.18 - Fixed bug #74216 (Correctly fail on invalid IP address ports).
7.1.4 - Fixed bug #74216 (Correctly fail on invalid IP address ports).

Anyhow:
7.0.19 - Patch for bug #74216 was reverted.

Thanks!
 
PHP Copyright © 2001-2018 The PHP Group
All rights reserved.
Last updated: Sun Nov 19 01:31:42 2017 UTC