Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 438
Alerts This Week
Warning Icon 1 438

Red Hat 7.x RHSA-2002:102-26 Critical: PHP Mail Command Risk

red hat
Calendar Grey August 20, 2002
Dist Redhat Esm H88
The latest enhancements to the PHP module in Fedora tackle a serious vulnerability in the mail functionality that permitted unapproved command execution.
PHP versions 4.0.5 through 4.1.0 in safe mode do not properly cleanse the 5th parameter to the mail() function

Solution

Please note that the /etc/php.ini configuration file is not replaced or overwritten. You should carefully review your configuration file and adapt it to your server or service functions.

Before applying this update, make sure all previously released errata relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade. Only those RPMs which are currently installed will be updated. Those RPMs which are not installed but included in the list will not be updated. Note that you can also use wildcards (*.rpm) if your current directory *only* contains the desired RPMs.

Please note that this update is also available via Red Hat Network. Many people find this an easier way to apply updates. To use Red Hat Network, launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate RPMs being upgraded on your system.

5. RPMs required:

Red Hat Linux 7.0:

SRPMS:


alpha:










i386:










Red Hat Linux 7.1:

SRPMS:


alpha:










i386:










ia64:










Red Hat Linux 7.2:

SRPMS:


i386:










ia64:










Red Hat Linux 7.3:


SRPMS:


i386:












6. Verification:

MD5 sum Package Name a2ee962d03d4a66d8b4f064aa7bc4596 7.0/en/os/SRPMS/php-4.1.2-7.0.3.src.rpm 750e7b91eb1b948c1ada6b6e14745019 7.0/en/os/alpha/php-4.1.2-7.0.3.alpha.rpm 7e8630c06b5387206308b2d58d3d2e27 7.0/en/os/alpha/php-devel-4.1.2-7.0.3.alpha.rpm e99a263708ed7344d6b0dca89a7bedd7 7.0/en/os/alpha/php-imap-4.1.2-7.0.3.alpha.rpm f9383dea9e04cb29329d40703e83dc9d 7.0/en/os/alpha/php-ldap-4.1.2-7.0.3.alpha.rpm 37f80225c1bc981140ff08b675333f44 7.0/en/os/alpha/php-manual-4.1.2-7.0.3.alpha.rpm 322b0acb43409534b969741d1059158f 7.0/en/os/alpha/php-mysql-4.1.2-7.0.3.alpha.rpm 244f984a506cb4e4ba8ede42d52890ad 7.0/en/os/alpha/php-odbc-4.1.2-7.0.3.alpha.rpm 5cd223c968ba2dd19e6851ab2b650edd 7.0/en/os/alpha/php-pgsql-4.1.2-7.0.3.alpha.rpm ee25efa287c33c897141564a21ce3f25 7.0/en/os/alpha/php-snmp-4.1.2-7.0.3.alpha.rpm df35c9aeaf9c254b0489d173ecc7d248 7.0/en/os/i386/php-4.1.2-7.0.3.i386.rpm e7a51b96b17f65471d7e900af418405b 7.0/en/os/i386/php-devel-4.1.2-7.0.3.i386.rpm b30b20df764294804528efad22a9a232 7.0/en/os/i386/php-imap-4.1.2-7.0.3.i386.rpm 524665531d576c6e8dbe4ca0588138a0 7.0/en/os/i386/php-ldap-4.1.2-7.0.3.i386.rpm 6e7c5348752eff801507a5474bc523f8 7.0/en/os/i386/php-manual-4.1.2-7.0.3.i386.rpm 9ffd7688ed63a65dc2ba45a39775dfac 7.0/en/os/i386/php-mysql-4.1.2-7.0.3.i386.rpm 97270c6acfb9a7b81b2640fc233d2a80 7.0/en/os/i386/php-odbc-4.1.2-7.0.3.i386.rpm 42760e93ad046f1d355a48b0d65d5506 7.0/en/os/i386/php-pgsql-4.1.2-7.0.3.i386.rpm 8775b297d5b31e0637ba408ffbc35fcf 7.0/en/os/i386/php-snmp-4.1.2-7.0.3.i386.rpm 22eb1586d39c15f391289576cc86df48 7.1/en/os/SRPMS/php-4.1.2-7.1.3.src.rpm a21ba4abbf2316c753f8e52e6e47f002 7.1/en/os/alpha/php-4.1.2-7.1.3.alpha.rpm 059fafb0eced5dfe9cecf9150f8ecdff 7.1/en/os/alpha/php-devel-4.1.2-7.1.3.alpha.rpm e912f96d952301e59ee292e6a09c5d17 7.1/en/os/alpha/php-imap-4.1.2-7.1.3.alpha.rpm 3d01db9cd6c18387fc86bad872f19996 7.1/en/os/alpha/php-ldap-4.1.2-7.1.3.alpha.rpm b02be8a598b1e35847a5717691cfd4eb 7.1/en/os/alpha/php-manual-4.1.2-7.1.3.alpha.rpm 509faf7624f199aa0998608a01067d11 7.1/en/os/alpha/php-mysql-4.1.2-7.1.3.alpha.rpm 89bc30f6f02235261235758419615d85 7.1/en/os/alpha/php-odbc-4.1.2-7.1.3.alpha.rpm 7c88ce1fb8060de300ea6575324b9964 7.1/en/os/alpha/php-pgsql-4.1.2-7.1.3.alpha.rpm f1a0ef5807f55c6df45002feff5be0aa 7.1/en/os/alpha/php-snmp-4.1.2-7.1.3.alpha.rpm 0e91ea0f81ad8f2e3c14d9599efc864b 7.1/en/os/i386/php-4.1.2-7.1.3.i386.rpm c8f574834d7acbda486119f52ee0b0d7 7.1/en/os/i386/php-devel-4.1.2-7.1.3.i386.rpm beaa1ce1217afc83cdeebfba9163c7c1 7.1/en/os/i386/php-imap-4.1.2-7.1.3.i386.rpm 41fcabdc59a3f417623dc9c963a6b45d 7.1/en/os/i386/php-ldap-4.1.2-7.1.3.i386.rpm 9dfb36f4ded01b1d94387a1ac9f87a76 7.1/en/os/i386/php-manual-4.1.2-7.1.3.i386.rpm 60e4469799954c8a36632fc2e753de11 7.1/en/os/i386/php-mysql-4.1.2-7.1.3.i386.rpm b74c269986aaa4ba4f3f149efbc611da 7.1/en/os/i386/php-odbc-4.1.2-7.1.3.i386.rpm a043736dd3ae42823bc1e608c50aee97 7.1/en/os/i386/php-pgsql-4.1.2-7.1.3.i386.rpm 6a12c67b6f383d498eef598b193775ad 7.1/en/os/i386/php-snmp-4.1.2-7.1.3.i386.rpm 87ad9a08a1fd3a835581c266639d0d87 7.1/en/os/ia64/php-4.1.2-7.1.3.ia64.rpm e74adc2cfeefeb9522244410bac2db38 7.1/en/os/ia64/php-devel-4.1.2-7.1.3.ia64.rpm ff472ad79eca51960a3b0286e5bdf48d 7.1/en/os/ia64/php-imap-4.1.2-7.1.3.ia64.rpm 009f887ea1e3168e031605055c73e44e 7.1/en/os/ia64/php-ldap-4.1.2-7.1.3.ia64.rpm da6c1c091989de604f316c48a4c4b757 7.1/en/os/ia64/php-manual-4.1.2-7.1.3.ia64.rpm c11d30cd25d2565ba941857e3a60a7a2 7.1/en/os/ia64/php-mysql-4.1.2-7.1.3.ia64.rpm 166f9ac22b4faf7e4aab0495d1a1467c 7.1/en/os/ia64/php-odbc-4.1.2-7.1.3.ia64.rpm ce1c8f7f04c6d150c20210d2071a88b6 7.1/en/os/ia64/php-pgsql-4.1.2-7.1.3.ia64.rpm ff02ebff8b568a476e7d2469a5db901a 7.1/en/os/ia64/php-snmp-4.1.2-7.1.3.ia64.rpm 17767caa1c540ae7467032b507dc537b 7.2/en/os/SRPMS/php-4.1.2-7.2.3.src.rpm 5ee69c9773909727327b52ac257f9c7f 7.2/en/os/i386/php-4.1.2-7.2.3.i386.rpm 7660b8e758d56a6b176ecfc9b511e0f1 7.2/en/os/i386/php-devel-4.1.2-7.2.3.i386.rpm 0fcdfc60bdb7984f676f1f1433307f02 7.2/en/os/i386/php-imap-4.1.2-7.2.3.i386.rpm 422f4977bf916c14ade9b1f508279f5a 7.2/en/os/i386/php-ldap-4.1.2-7.2.3.i386.rpm 69f78016ffdbde0b250548d04653a78e 7.2/en/os/i386/php-manual-4.1.2-7.2.3.i386.rpm d50c9c8054bb98eb18b2233392c7791f 7.2/en/os/i386/php-mysql-4.1.2-7.2.3.i386.rpm c9a434dec3de1aa47a43f8fe1977eab1 7.2/en/os/i386/php-odbc-4.1.2-7.2.3.i386.rpm 8a9781796430c4c11b490e8bfe9aa1d1 7.2/en/os/i386/php-pgsql-4.1.2-7.2.3.i386.rpm f5feae57a884690a8c20098938371af8 7.2/en/os/i386/php-snmp-4.1.2-7.2.3.i386.rpm 716e0dd9ea1049c4c38957120d41aaf5 7.2/en/os/ia64/php-4.1.2-7.2.3.ia64.rpm 42702bc5eef0a42b2be3b6562ff48a73 7.2/en/os/ia64/php-devel-4.1.2-7.2.3.ia64.rpm a9bf2a4cca701b9fe83c5f6e9e9ae4e2 7.2/en/os/ia64/php-imap-4.1.2-7.2.3.ia64.rpm 18ae95909ca09ec897e313828b9d3eb8 7.2/en/os/ia64/php-ldap-4.1.2-7.2.3.ia64.rpm 6223f95f7279913fde43c992fe17301a 7.2/en/os/ia64/php-manual-4.1.2-7.2.3.ia64.rpm 649c0fa4c72ac1bb9e08c935dba3ce7d 7.2/en/os/ia64/php-mysql-4.1.2-7.2.3.ia64.rpm 0ce6494f01975351bd926beec07c3a7f 7.2/en/os/ia64/php-odbc-4.1.2-7.2.3.ia64.rpm 7fd8108c6fa9f553516dfb4c6d857cf0 7.2/en/os/ia64/php-pgsql-4.1.2-7.2.3.ia64.rpm 53377d928d58310481097ae001689da8 7.2/en/os/ia64/php-snmp-4.1.2-7.2.3.ia64.rpm 91f6379bc8ada6024971b80c6d553cca 7.3/en/os/SRPMS/php-4.1.2-7.3.3.src.rpm 236c34f6696dfce574270e05f53d863b 7.3/en/os/i386/php-4.1.2-7.3.3.i386.rpm b1d20691d59cd9cef8b0e6671099c216 7.3/en/os/i386/php-devel-4.1.2-7.3.3.i386.rpm 34e57c7bc9ea368f9d4e32a1e2d1e908 7.3/en/os/i386/php-imap-4.1.2-7.3.3.i386.rpm 1fdc4d0de35fc93e66ec6601b8b32b03 7.3/en/os/i386/php-ldap-4.1.2-7.3.3.i386.rpm 02d02c10053f3738e13180520af22b1c 7.3/en/os/i386/php-manual-4.1.2-7.3.3.i386.rpm 98e8d5b9458d5dc26d57c5216e7d0877 7.3/en/os/i386/php-mysql-4.1.2-7.3.3.i386.rpm 9fb7dc54903aae71b907b4f86544e80e 7.3/en/os/i386/php-odbc-4.1.2-7.3.3.i386.rpm c664feafa07b2b1f754e0cc37bcc0eeb 7.3/en/os/i386/php-pgsql-4.1.2-7.3.3.i386.rpm c1de92828fedb0e88ed73a6ba4c94303 7.3/en/os/i386/php-snmp-4.1.2-7.3.3.i386.rpm


These packages are GPG signed by Red Hat, Inc. for security. Our key is available at: About

You can verify each package with the following command: rpm --checksig

If you only wish to verify that each package has not been corrupted or tampered with, examine only the md5sum with the following command: rpm --checksig --nogpg


Summary

References

CVE -CVE-2001-1246 Copyright(c) 2000, 2001, 2002 Red Hat, Inc.

Package List


Severity
critical
Lowest
Low
Medium
High
Critical

Advisory ID: RHSA-2002:102-26
Issue date: 2002-05-27
Updated on: 2002-08-19
Product: Red Hat Linux
Keywords: mail PHP safemode 5th parameter
Cross references:
Obsoletes: RHSA-2002:035

Topic

Relevant Releases Architectures

Red Hat Linux 7.0 - alpha, i386

Red Hat Linux 7.1 - alpha, i386, ia64

Red Hat Linux 7.2 - i386, ia64

Red Hat Linux 7.3 - i386

Bugs Fixed

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.