On Sun, 2 Nov 2008 11:34:28 pm Steffen Joeris wrote: > On Sun, 2 Nov 2008 09:49:32 pm Olivier Berger wrote: > > Le dimanche 02 novembre 2008 à 11:13 +0100, Olivier Berger a écrit : > > > Thanks for spotting this problem. > > > > > > The referred [2] patch is actually not exactly apllicable to the > > > version of class.phpmailer.php shipped in phpgroupware 0.9.11, and the > > > correct one is attached. > > > > > > I'll try and work on preparing a patched package later today. > > > > > > Best regards, > > > > Here's a proposed change for the source package, that should solve this > > problem. > > > > $ interdiff -z phpgroupware_0.9.16.011-2.2.diff.gz > > phpgroupware_0.9.16.011-2.3.diff.gz diff -u > > phpgroupware-0.9.16.011/debian/changelog > > phpgroupware-0.9.16.011/debian/changelog --- > > phpgroupware-0.9.16.011/debian/changelog > > +++ phpgroupware-0.9.16.011/debian/changelog > > @@ -1,3 +1,11 @@ > > +phpgroupware (0.9.16.011-2.3) stable-security; urgency=high > > + > > + * Non-maintainer upload. > > + * Fix remote shell command execution in class.phpmailer.php : > > + CVE-2007-3215 (Closes: #504255). > > + > > + -- Olivier Berger <[EMAIL PROTECTED]> Sun, 02 Nov 2008 > > 11:36:15 +0100 + > > phpgroupware (0.9.16.011-2.2) unstable; urgency=low > > > > * Non-maintainer upload. > > only in patch2: > > unchanged: > > --- phpgroupware-0.9.16.011.orig/felamimail/inc/class.phpmailer.inc.php > > +++ phpgroupware-0.9.16.011/felamimail/inc/class.phpmailer.inc.php 
> > @@ -591,9 +591,9 @@ > > */ > > function sendmail_send($header, $body) { > > if ($this->Sender != "") > > - $sendmail = sprintf("%s -oi -f %s -t", $this->Sendmail, > > $this->Sender); + $sendmail = sprintf("%s -oi -f %s -t", > > escapeshellcmd($this->Sendmail), escapeshellarg($this->Sender)); else > > - $sendmail = sprintf("%s -oi -t", $this->Sendmail); > > + $sendmail = sprintf("%s -oi -t", escapeshellcmd($this->Sendmail)); > > > > if([EMAIL PROTECTED] = popen($sendmail, "w")) > > { > > --------------------- > > > > Note that I haven't tested phpgroupware-felamimail to see if this patch > > is valid. > > > > I'm not so sure about the changelog format also... and in any case, I > > can't upload it. > > > > Can someone from the security team take care of review and the upload ? > > The patch looks good. I'll sponsor the upload. Thanks for your work. > > Cheers > Steffen > > P.S. If you want to use phpmailer stuff again, please use a dependency > against libphp-phpmailer ;) One more thing, the package uses a patch system, so I'll add the patch there, instead of applying it directly.
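Review bot: the changelog entry targets stable-security yet bumps the Debian revision to 0.9.16.011-2.3 as if it were the next unstable upload; a stable security update normally keeps the existing revision and appends a suite-specific suffix so it sorts below whatever unstable gets next, otherwise a later -2.3 in unstable would collide with this one. The "-- Olivier Berger" trailer line also appears wrapped across two lines in the quoted hunk, which dpkg-parsechangelog would reject if it is wrapped in the actual file rather than only in the mail.

Review bot: the escaping choice in sendmail_send() is the right one for each value: escapeshellarg() quotes the user-influenced $this->Sender as a single argument, which is what closes the command injection, while escapeshellcmd() on $this->Sendmail keeps an admin-configured path with embedded options (such as "/usr/sbin/sendmail -bs") usable. Note that escapeshellcmd() does not escape spaces, so $this->Sendmail stays a trusted configuration value and must never be set from request data. Since the mail says the patch is untested, it is worth confirming that no other code path in class.phpmailer.inc.php interpolates $this->Sender into a command or into mail()'s additional-parameters string without the same escapeshellarg() treatment.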
Cheers Steffen