CERT-In Advisory CIAD-2007-19
PHP Imap_Mail_Compose(), GD graphics library and PHP-Fusion SQL injection vulnerabilities
Original issue date: April 13, 2007
Severity Rating: High
Systems Affected
- PHP version 4.4.6 and prior
- PHP version 5.2.1 and prior
- Expanded Calendar Module 2.0 (module for PHP-Fusion)
Overview
Multiple vulnerabilities have been reported in PHP which could be exploited by remote attackers to possibly execute arbitrary code on the affected system or conduct SQL injection attacks.
Description
1. PHP Imap_Mail_Compose() Buffer overflow vulnerability (CVE-2007-1825)
A buffer overflow vulnerability has been reported in PHP due to a boundary condition error in the imap_mail_compose() function. The function is used to construct multipart emails. A remote attacker could exploit the vulnerability by passing an overly long boundary string to the function to overflow the stack buffer and cause arbitrary code execution.
2. PHP GD graphics library integer overflow vulnerability (CVE-2007-1001)
A vulnerability has been reported in PHP due to an integer overflow error in the Graphics Library extension when handling WBMP (Wireless Bitmap) images via the "createwbmp()" and "readwbmp()" functions [ext/gd/libgd/wbmp.c]. This could be exploited by context-dependent attackers to execute arbitrary code via crafted WBMP (Wireless Bitmap) images.
3. PHP-Fusion Expanded Calendar Module SQL injection vulnerability (CVE-2007-1845)
A SQL injection vulnerability has been reported in the Expanded Calendar Module for PHP-Fusion. Input passed to the "m_month" parameter in infusions/calendar_panel/show_event.php is not properly sanitised before being used in SQL queries. This could be exploited by a remote attacker to execute arbitrary SQL commands via the m_month parameter.
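The integer overflow class described in item 2, as an added example (not code from PHP, libgd or this advisory): an unchecked width x height size calculation wraps to a small value, while a division-based pre-check rejects the same dimensions before allocating. The bitmap_t type, the function names, the 4-byte pixel size and the sample dimensions are assumptions constructed for the example.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define BYTES_PER_PIXEL 4u /* assumption: one 32-bit int per pixel */

/* Hypothetical bitmap type for this example; not libgd's own structure. */
typedef struct { int width, height; int *pixels; } bitmap_t;

/* Flawed pattern: 32-bit size arithmetic with no range check. The product
   wraps modulo 2^32, so huge header dimensions give a small byte count. */
uint32_t unchecked_alloc_size(uint32_t width, uint32_t height)
{
    return width * height * BYTES_PER_PIXEL;
}

/* Returns 1 when a * b cannot be represented as a positive int. Dividing
   first means the test itself can never overflow. */
int mul_overflows(int a, int b)
{
    if (a <= 0 || b <= 0)
        return 1;
    return a > INT_MAX / b;
}

/* Hardened allocation: each product is checked before it is computed. */
bitmap_t *bitmap_create(int width, int height)
{
    if (mul_overflows(width, height) ||
        mul_overflows(width * height, (int)BYTES_PER_PIXEL))
        return NULL;
    bitmap_t *bm = malloc(sizeof *bm);
    if (bm == NULL)
        return NULL;
    bm->pixels = calloc((size_t)width * (size_t)height, BYTES_PER_PIXEL);
    if (bm->pixels == NULL) {
        free(bm);
        return NULL;
    }
    bm->width = width;
    bm->height = height;
    return bm;
}

int main(void)
{
    /* Constructed dimensions: about 2^30 pixels, yet the size wraps to 128 KiB. */
    printf("unchecked size: %u bytes\n", (unsigned)unchecked_alloc_size(0x8001, 0x8000));
    printf("checked create: %s\n", bitmap_create(0x8001, 0x8000) ? "allocated" : "rejected");
    return 0;
}
```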
Solution
Upgrade to the latest version provided by the vendor.
http://www.php.net/
References
FrSirt
http://www.frsirt.com/english/advisories/2007/1269
Secunia
http://secunia.com/advisories/24718
Security Focus
http://www.securityfocus.com/bid/23234
http://www.securityfocus.com/bid/23225
CVE Name
CVE-2007-1825
CVE-2007-1001
CVE-2007-1845
Disclaimer
The information provided herein is on "as is" basis, without warranty of any kind.
Contact Information

Phone: +91-11-24368572
Postal address
Indian Computer Emergency Response Team (CERT-In)
Ministry of Communications and Information Technology
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003
