Bug#504255: CVE-2007-3215: remote shell command execution in

Sun, 02 Nov 2008 04:43:06 -0800 

On Sun, 2 Nov 2008 09:49:32 pm Olivier Berger wrote:
> Le dimanche 02 novembre 2008 à 11:13 +0100, Olivier Berger a écrit :
> > Thanks for spotting this problem.
> >
> > The referred [2] patch is actually not exactly apllicable to the version
> > of class.phpmailer.php shipped in phpgroupware 0.9.11, and the correct
> > one is attached.
> >
> > I'll try and work on preparing a patched package later today.
> >
> > Best regards,
>
> Here's a proposed change for the source package, that should solve this
> problem.
>
> $ interdiff -z phpgroupware_0.9.16.011-2.2.diff.gz
> phpgroupware_0.9.16.011-2.3.diff.gz diff -u
> phpgroupware-0.9.16.011/debian/changelog
> phpgroupware-0.9.16.011/debian/changelog ---
> phpgroupware-0.9.16.011/debian/changelog
> +++ phpgroupware-0.9.16.011/debian/changelog
> @@ -1,3 +1,11 @@
> +phpgroupware (0.9.16.011-2.3) stable-security; urgency=high
> +
> +  * Non-maintainer upload.
> +  * Fix remote shell command execution in class.phpmailer.php :
> +    CVE-2007-3215 (Closes: #504255).
> +
> + -- Olivier Berger <[EMAIL PROTECTED]>  Sun, 02 Nov 2008
> 11:36:15 +0100 +
>  phpgroupware (0.9.16.011-2.2) unstable; urgency=low
>
>    * Non-maintainer upload.
> only in patch2:
> unchanged:
> --- phpgroupware-0.9.16.011.orig/felamimail/inc/class.phpmailer.inc.php
> +++ phpgroupware-0.9.16.011/felamimail/inc/class.phpmailer.inc.php
> @@ -591,9 +591,9 @@
>       */
>      function sendmail_send($header, $body) {
>          if ($this->Sender != "")
> -            $sendmail = sprintf("%s -oi -f %s -t", $this->Sendmail,
> $this->Sender); +       $sendmail = sprintf("%s -oi -f %s -t",
> escapeshellcmd($this->Sendmail), escapeshellarg($this->Sender)); else
> -            $sendmail = sprintf("%s -oi -t", $this->Sendmail);
> +       $sendmail = sprintf("%s -oi -t", escapeshellcmd($this->Sendmail));
>
>          if([EMAIL PROTECTED] = popen($sendmail, "w"))
>          {
> ---------------------
>
> Note that I haven't tested phpgroupware-felamimail to see if this patch is
> valid.
>
> I'm not so sure about the changelog format also... and in any case, I can't
> upload it.
>
> Can someone from the security team take care of review and the upload ?
The patch looks good. I'll sponsor the upload. Thanks for your work.

Cheers
Steffen

P.S. If you want to use phpmailer stuff again, please use a dependency against 
libphp-phpmailer ;)

Attachment: signature.asc
Description: This is a digitally signed message part.

Reply via email to