[php-maint] Bug#341368: CVE-2005-3883: Injection of arbitrary values into the To:-header of the md_send_mail() function

Moritz Muehlenhoff jmm at inutil.org
Wed Nov 30 09:08:57 UTC 2005

Package: php5
Severity: important
Tags: security

Quoting from http://bugs.php.net/bug.php?id=35307:

 The unexpected header can be injected at the mb_send_mail function.
 The mail function is doing the check of the unexpected  control code to
 "To" and "Subject".
 However, the mb_send_mail function isn't doing a check.

 By the feature of the function overload, mail function is exchanged for
 the mb_send_mail function.
 Therefore, it thinks that the check like the mail function is necessary
 about the mb_send_mail function, too.

This has been assigned CVE-2005-3883 and it's fixed upstream in 5.1.0.


-- System Information:
Debian Release: testing/unstable
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.14-2-686
Locale: LANG=C, LC_CTYPE=de_DE.ISO-8859-15 at euro (charmap=ISO-8859-15)

More information about the pkg-php-maint mailing list