[Sec-cert] [Mandriva] Schwachstellen in php-pear-Mail bis einschliesslich Version 1.2.0b2 - MDVSA-2010:025

WiN Site Security Contacts win-sec-ssc at lists.dfn-cert.de
Di Jan 26 14:45:28 CET 2010


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Liebe Kolleginnen und Kollegen,

soeben erreichte uns nachfolgendes Advisory von Mandriva Security. Wir
geben diese Informationen unveraendert an Sie weiter.

CVE-2009-4023 - Unzureichende Pruefung des $from Parameters in der PEAR
Mail::Send() Methode

  Die Mail::Send() Methode aus dem PEAR Mail/sendmail.php Script
  ueberprueft den $from Parameter nicht ausreichend auf evtl. enthaltene
  Metazeichen, so dass entfernte Angreifer beliebige Optionen an das
  sendmail Kommando uebergeben koennen. Dies fuehrt dazu, dass die
  Angreifer beliebige Dateien im System auslesen oder ueberschreiben
  koennen. Die Schwachstelle kann nur ausgenutzt werden, wenn sendmail
  als MTA verwendet wird.

CVE-2009-4111 - Unzureichende Pruefung des $recipients Parameters im
PEAR Mail/sendmail.php Script

  Das PEAR Mail/sendmail.php Script ueberprueft den $recipients Parameter
  nicht ausreichend auf evtl. enthaltene Metazeichen, so dass entfernte
  Angreifer beliebige Optionen an das sendmail Kommando uebergeben
  koennen. Dies fuehrt dazu, dass die Angreifer beliebige Dateien im
  System auslesen oder ueberschreiben koennen. Die Schwachstelle kann nur
  ausgenutzt werden, wenn sendmail als MTA verwendet wird.

Betroffen sind die folgenden Software Pakete und Plattformen:

  Paket php-pear-Mail

  Mandriva Linux 2008.0
  Mandriva Linux 2008.0/X86_64
  Mandriva Linux 2009.0
  Mandriva Linux 2009.0/X86_64
  Mandriva Linux 2009.1
  Mandriva Linux 2009.1/X86_64
  Mandriva Linux 2010.0
  Mandriva Linux 2010.0/X86_64
  Corporate 4.0
  Corporate 4.0/X86_64
  Mandriva Enterprise Server 5
  Mandriva Enterprise Server 5/X86_64

Vom Hersteller werden ueberarbeitete Pakete zur Verfuegung gestellt.

Hersteller Advisory:
  http://www.mandriva.com/security/advisories?name=MDVSA-2010:025


(c) der deutschen Zusammenfassung bei DFN-CERT Services GmbH; die
Verbreitung, auch auszugsweise, ist nur unter Hinweis auf den Urheber,
DFN-CERT Services GmbH, und nur zu nicht kommerziellen Zwecken
gestattet.

Mit freundlichen Gruessen,
		Klaus Moeller, DFN-CERT

- -- 
Dipl. Inform. Klaus Moeller (Incident Response Team)
Phone: +49 40 808077-555, Fax: +49 40 808077-556

DFN-CERT Services GmbH, https://www.dfn-cert.de,  Phone  +49 40 808077-555
Sitz / Register: Hamburg, AG Hamburg, HRB 88805,  Ust-IdNr.:  DE 232129737
Sachsenstrase 5, 20097 Hamburg/Germany, CEO: Dr. Klaus-Peter Kossakowski

17. DFN Workshop    "Sicherheit in vernetzten Systemen"    09./10.02.2010
Informationen unter https://www.dfn-cert.de/veranstaltungen/workshop.html

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2010:025
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : php-pear-Mail
 Date    : January 25, 2010
 Affected: 2008.0, 2009.0, 2009.1, 2010.0, Corporate 4.0,
           Enterprise Server 5.0
 _______________________________________________________________________

 Problem Description:

 Multiple vulnerabilities were discovered and corrected in php-pear
 (Mail):
 
 Argument injection vulnerability in the sendmail implementation of
 the Mail::Send method (Mail/sendmail.php) in the Mail package 1.1.14
 for PEAR allows remote attackers to read and write arbitrary files
 via a crafted  parameter, a different vector than CVE-2009-4111
 (CVE-2009-4023).
 
 Argument injection vulnerability in Mail/sendmail.php in the Mail
 package 1.1.14, 1.2.0b2, and possibly other versions for PEAR allows
 remote attackers to read and write arbitrary files via a crafted
 parameter, and possibly other parameters, a different vulnerability
 than CVE-2009-4023 (CVE-2009-4111).
 
 Packages for 2008.0 are provided for Corporate Desktop 2008.0
 customers.
 
 The updated packages have been patched to correct these issues.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4023
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4111
 _______________________________________________________________________

 Updated Packages:

 Mandriva Linux 2008.0:
 943289b9ea09700ecaf5512c50d380d3  2008.0/i586/php-pear-5.2.4-1.1mdv2008.0.noarch.rpm 
 f77090cf65f4ade44835a112d4fc67e0  2008.0/SRPMS/php-pear-5.2.4-1.1mdv2008.0.src.rpm

 Mandriva Linux 2008.0/X86_64:
 bfd61ade59779825fa62126c05f5967a  2008.0/x86_64/php-pear-5.2.4-1.1mdv2008.0.noarch.rpm 
 f77090cf65f4ade44835a112d4fc67e0  2008.0/SRPMS/php-pear-5.2.4-1.1mdv2008.0.src.rpm

 Mandriva Linux 2009.0:
 aacca8d19653ea6a82a248f604abbd0b  2009.0/i586/php-pear-5.2.6-6.1mdv2009.0.noarch.rpm 
 9468e00db376dab4664d665377b79fca  2009.0/SRPMS/php-pear-5.2.6-6.1mdv2009.0.src.rpm

 Mandriva Linux 2009.0/X86_64:
 202b8122c1ec7ef90f0355f99b3c7686  2009.0/x86_64/php-pear-5.2.6-6.1mdv2009.0.noarch.rpm 
 9468e00db376dab4664d665377b79fca  2009.0/SRPMS/php-pear-5.2.6-6.1mdv2009.0.src.rpm

 Mandriva Linux 2009.1:
 2e2ae9f59bc3ac527362b5c0776236fe  2009.1/i586/php-pear-5.2.9-1.1mdv2009.1.noarch.rpm 
 82b814b71169f985b1b977ba60d5bd59  2009.1/SRPMS/php-pear-5.2.9-1.1mdv2009.1.src.rpm

 Mandriva Linux 2009.1/X86_64:
 0115517a560174cac95a19cbd17ed745  2009.1/x86_64/php-pear-5.2.9-1.1mdv2009.1.noarch.rpm 
 82b814b71169f985b1b977ba60d5bd59  2009.1/SRPMS/php-pear-5.2.9-1.1mdv2009.1.src.rpm

 Mandriva Linux 2010.0:
 6f42b2e519d40d7fa304a3dc451c1c58  2010.0/i586/php-pear-Mail-1.2.0-0.b1.2.1mdv2010.0.noarch.rpm 
 7bb574ae5c1660a3a0cd5a2deff3586f  2010.0/SRPMS/php-pear-Mail-1.2.0-0.b1.2.1mdv2010.0.src.rpm

 Mandriva Linux 2010.0/X86_64:
 f7401a8fdd2b526c806532fcb75271e3  2010.0/x86_64/php-pear-Mail-1.2.0-0.b1.2.1mdv2010.0.noarch.rpm 
 7bb574ae5c1660a3a0cd5a2deff3586f  2010.0/SRPMS/php-pear-Mail-1.2.0-0.b1.2.1mdv2010.0.src.rpm

 Corporate 4.0:
 a948abe7ef93f8e60f91d52f5e0aaee4  corporate/4.0/i586/php-pear-5.1.4-3.2.20060mlcs4.noarch.rpm 
 d8fca1fee69801c2b0c3de51fcb8ba8d  corporate/4.0/SRPMS/php-pear-5.1.4-3.2.20060mlcs4.src.rpm

 Corporate 4.0/X86_64:
 3f1684a400312f5912cc80e235c083ec  corporate/4.0/x86_64/php-pear-5.1.4-3.2.20060mlcs4.noarch.rpm 
 d8fca1fee69801c2b0c3de51fcb8ba8d  corporate/4.0/SRPMS/php-pear-5.1.4-3.2.20060mlcs4.src.rpm

 Mandriva Enterprise Server 5:
 6bdc54b90afd9bea13d663c76efe9c3e  mes5/i586/php-pear-5.2.6-6.1mdvmes5.noarch.rpm 
 4bb9c64b927033aa2125a7893f29e943  mes5/SRPMS/php-pear-5.2.6-6.1mdvmes5.src.rpm

 Mandriva Enterprise Server 5/X86_64:
 419935609521cbfc30b4161e483bdd13  mes5/x86_64/php-pear-5.2.6-6.1mdvmes5.noarch.rpm 
 4bb9c64b927033aa2125a7893f29e943  mes5/SRPMS/php-pear-5.2.6-6.1mdvmes5.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFLXY9EmqjQ0CJFipgRAgCSAKCxY6087+jE38VM/U281f9g2aQXUwCfclj1
XZ+gf39nUGYCvYDE53udca4=
=jEIK
- -----END PGP SIGNATURE-----
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)

iD8DBQFLXvH4WmhIvjFb90URAolpAJ9NbM8KVR4X0iWVOh/tEIQq1PkjcACeJN0I
/kiiby5cKq5LSW7cxG+T4bs=
=bCAD
-----END PGP SIGNATURE-----



Mehr Informationen über die Mailingliste Sec-cert