php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Sec Bug #75505 pfsockopen may cause a security problem
Submitted: 2017-11-09 03:18 UTC Modified: 2018-01-15 13:31 UTC
From: zhihua dot yao at dbappsecurity dot com dot cn Assigned:
Status: Duplicate Package: *Network Functions
PHP Version: 7.1.11 OS: *
Private report: No CVE-ID: 2017-7272
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: zhihua dot yao at dbappsecurity dot com dot cn
New email:
PHP Version: OS:

 

 [2017-11-09 03:18 UTC] zhihua dot yao at dbappsecurity dot com dot cn
Description:
------------
This bug is related to bug#74216,but they are not the same function.It may cause ssrf vulnerability in Web Application.

Test script:
---------------
<?php

$fp = pfsockopen("192.168.75.183:8000", 443);


Expected result:
----------------
It will accept from 443.

Actual result:
--------------


hjy@ubuntu:~$ nc -lvv 8000
Listening on [0.0.0.0] (family 0, port 8000)
Connection from [192.168.75.183] port 8000 [tcp/*] accepted (family 2, sport 53352)


Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2017-11-09 16:00 UTC] johannes@php.net
-Status: Open +Status: Duplicate
 [2017-11-09 16:00 UTC] johannes@php.net
fsockopen and pfsockopen have the same implementation. A fix to #74216  will also fix this case.

bug #74216 has a longer discussion already.
 [2018-01-15 13:31 UTC] kaplan@php.net
-CVE-ID: +CVE-ID: 2017-7272
 [2018-02-28 22:13 UTC] contacto at agora-security dot com
Hello,

Has this issue been fixed?

It's not clear. I don't see any reference to CVE-2017-7272 in the Changelog:
http://www.php.net/ChangeLog-7.php

I saw that in version:
7.0.18 - Fixed bug #74216 (Correctly fail on invalid IP address ports).
7.1.4 - Fixed bug #74216 (Correctly fail on invalid IP address ports).

Anyhow:
7.0.19 - Patch for bug #74216 was reverted.

Thanks!
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Mon Nov 11 05:01:28 2024 UTC