Bug 233384 - lang/php56: imap_open allows to run arbitrary shell commands via mailbox parameter
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s)
Version: Latest
Hardware: Any Any
Importance: --- Affects Many People
Assignee: Alex Dupre
Reported: 2018-11-21 16:16 UTC by Jochen Neumeister
Modified: 2018-11-22 19:01 UTC (History)
bugzilla: maintainer-feedback? (ale)


Description Jochen Neumeister freebsd_committer freebsd_triage 2018-11-21 16:16:48 UTC
Hey Alex :-)

There is a vulnerability in PHP56:
https://github.com/Bo0oM/PHP_imap_open_exploit/blob/master/exploit.php

There is a Bug Report: https://bugs.php.net/bug.php?id=77153&edit=1

And here is a patch for PHP56: https://gist.github.com/cmb69/b3ca981599bf21004c6417ab64dea4b7#file-disable-rsh-globally-patch

Greetings
Comment 1 commit-hook freebsd_committer freebsd_triage 2018-11-22 09:27:34 UTC
A commit references this bug:

Author: ale
Date: Thu Nov 22 09:26:38 UTC 2018
New revision: 485585
URL: https://svnweb.freebsd.org/changeset/ports/485585

Log:
  Disable rsh/ssh functionality in imap by default (php bug #77153).

  PR:		233384
  Submitted by:	joneum

Changes:
  head/mail/php56-imap/Makefile
  head/mail/php56-imap/files/patch-config.m4
  head/mail/php56-imap/files/patch-php__imap.c
  head/mail/php56-imap/files/patch-php__imap.h
Comment 2 commit-hook freebsd_committer freebsd_triage 2018-11-22 10:54:52 UTC
A commit references this bug:

Author: ale
Date: Thu Nov 22 10:53:58 UTC 2018
New revision: 485595
URL: https://svnweb.freebsd.org/changeset/ports/485595

Log:
  MFH: r485585

  Disable rsh/ssh functionality in imap by default (php bug #77153).

  PR:		233384
  Submitted by:	joneum

  Approved by:	ports-secteam (blanket, security fix)

Changes:
_U  branches/2018Q4/
  branches/2018Q4/mail/php56-imap/Makefile
  branches/2018Q4/mail/php56-imap/files/patch-config.m4
  branches/2018Q4/mail/php56-imap/files/patch-php__imap.c
  branches/2018Q4/mail/php56-imap/files/patch-php__imap.h
Comment 3 commit-hook freebsd_committer freebsd_triage 2018-11-22 11:54:39 UTC
A commit references this bug:

Author: joneum
Date: Thu Nov 22 11:53:56 UTC 2018
New revision: 485597
URL: https://svnweb.freebsd.org/changeset/ports/485597

Log:
  Disable rsh/ssh functionality in imap by default (php bug #77153).

  PR:		233384
  Submitted by:	joneum
  Approved by:	tz (implicit)
  MFH:		2018Q4
  Security:	ec49f6b5-ee39-11e8-b2f4-74d435b63d51
  Sponsored by:	Netzkommune GmbH

Changes:
  head/mail/php70-imap/Makefile
  head/mail/php70-imap/files/patch-php__imap.c
  head/mail/php70-imap/files/patch-php__imap.h
  head/mail/php71-imap/Makefile
  head/mail/php71-imap/files/patch-php__imap.c
  head/mail/php71-imap/files/patch-php__imap.h
  head/mail/php72-imap/Makefile
  head/mail/php72-imap/files/patch-php__imap.c
  head/mail/php72-imap/files/patch-php__imap.h
  head/mail/php73-imap/Makefile
  head/mail/php73-imap/files/patch-php__imap.c
  head/mail/php73-imap/files/patch-php__imap.h
Comment 4 commit-hook freebsd_committer freebsd_triage 2018-11-22 19:01:11 UTC
A commit references this bug:

Author: antoine
Date: Thu Nov 22 19:00:06 UTC 2018
New revision: 485608
URL: https://svnweb.freebsd.org/changeset/ports/485608

Log:
  MFH: r485597

  Disable rsh/ssh functionality in imap by default (php bug #77153).

  PR:		233384
  Submitted by:	joneum
  Approved by:	tz (implicit)
  Security:	ec49f6b5-ee39-11e8-b2f4-74d435b63d51
  Sponsored by:	Netzkommune GmbH

Changes:
  branches/2018Q4/mail/php70-imap/Makefile
  branches/2018Q4/mail/php70-imap/files/patch-php__imap.c
  branches/2018Q4/mail/php70-imap/files/patch-php__imap.h
  branches/2018Q4/mail/php71-imap/Makefile
  branches/2018Q4/mail/php71-imap/files/patch-php__imap.c
  branches/2018Q4/mail/php71-imap/files/patch-php__imap.h
  branches/2018Q4/mail/php72-imap/Makefile
  branches/2018Q4/mail/php72-imap/files/patch-php__imap.c
  branches/2018Q4/mail/php72-imap/files/patch-php__imap.h