Date: Wed, 21 Nov 2018 16:16:48 +0000 From: bugzilla-noreply@freebsd.org To: ports-bugs@FreeBSD.org Subject: [Bug 233384] lang/php56: imap_open allows to run arbitrary shell commands via mailbox parameter Message-ID: <bug-233384-7788@https.bugs.freebsd.org/bugzilla/>
next in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D233384 Bug ID: 233384 Summary: lang/php56: imap_open allows to run arbitrary shell commands via mailbox parameter Product: Ports & Packages Version: Latest Hardware: Any OS: Any Status: New Severity: Affects Many People Priority: --- Component: Individual Port(s) Assignee: ale@FreeBSD.org Reporter: joneum@FreeBSD.org Assignee: ale@FreeBSD.org Flags: maintainer-feedback?(ale@FreeBSD.org) Hey Alex :-) There is a vulnerability in PHP56: https://github.com/Bo0oM/PHP_imap_open_exploit/blob/master/exploit.php There is a Bug Report: https://bugs.php.net/bug.php?id=3D77153&edit=3D1 And here is a patch for PHP56: https://gist.github.com/cmb69/b3ca981599bf21004c6417ab64dea4b7#file-disable= -rsh-globally-patch Greetings --=20 You are receiving this mail because: You are the assignee for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-233384-7788>