Your message dated Mon, 17 Nov 2008 11:22:48 +0100 (CET)
with message-id <[EMAIL PROTECTED]>
and subject line Re: Bug#504255: CVE-2007-3215: remote shell command execution in
has caused the Debian Bug report #504255,
regarding CVE-2007-3215: remote shell command execution in class.phpmailer.php
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [EMAIL PROTECTED]
immediately.)
--
504255: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=504255
Debian Bug Tracking System
Contact [EMAIL PROTECTED] with problems
--- Begin Message ---
Package: phpgroupware-felamimail
Severity: grave
Version: 0.9.16.011-2.2
Tags: security patch
Hi,
The following CVE (Common Vulnerabilities & Exposures) id was published for
PHPMailer, which affects the embedded copy shipped in
phpgroupware-felamimail[0].
CVE-2007-3215[1]:
> PHPMailer 1.7, when configured to use sendmail, allows remote attackers to
> execute arbitrary shell commands via shell metacharacters in the
> SendmailSend function in class.phpmailer.php.
The patch for class.phpmailer.php can be found at [2]. However, it would be
better if phpgroupware-felamimail just depended on libphp-phpmailer (also
available in etch) and the include/require calls changed to use the copy
provided by that package, to avoid shipping yet another embedded code copy.
If you fix the vulnerability please also make sure to include the CVE id in
the changelog entry.
[0] usr/share/phpgroupware/felamimail/inc/class.phpmailer.inc.php
[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3215
http://security-tracker.debian.net/tracker/CVE-2007-3215
[2] http://sourceforge.net/tracker/index.php?func=detail&aid=1734811&group_id=26031&atid=385707
Cheers,
--
Raphael Geissert - Debian Maintainer
www.debian.org - get.debian.net
--- End Message ---
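The bug class the report describes, as an added illustration (not code from PHPMailer, phpgroupware-felamimail, or the patch at [2]): a SendmailSend-style routine assembles the popen() command line by string interpolation, so the sender address reaches the shell unquoted, and the hardened builder validates and quotes it instead. Function names, the sendmail path and the sample addresses are constructed for this example.

```php
<?php
// Added example, not code from PHPMailer or the phpgroupware package.
// SendmailSend-style code builds a command line for popen() by interpolating
// the sender address; anything the shell treats specially in that value
// becomes part of the command. The hardened builder closes that path.

// Vulnerable pattern: the sender goes into the command string verbatim.
function build_sendmail_cmd_unsafe(string $sendmailPath, string $sender): string
{
    return sprintf('%s -oi -f %s -t', $sendmailPath, $sender);
}

// Hardened pattern: reject anything that is not a plain address, then quote
// the address as a single argument and escape the binary path.
// escapeshellarg() is the real boundary; the validation step only narrows
// what can reach it (e.g. it drops quotes, spaces and semicolons early).
function build_sendmail_cmd_safe(string $sendmailPath, string $sender): string
{
    if (filter_var($sender, FILTER_VALIDATE_EMAIL) === false
        || preg_match('/[^A-Za-z0-9.!#$%&\'*+\/=?^_`{|}~@-]/', $sender)) {
        throw new InvalidArgumentException("Rejected sender: $sender");
    }
    return sprintf('%s -oi -f %s -t',
        escapeshellcmd($sendmailPath), escapeshellarg($sender));
}

// Constructed sample inputs: one clean address, one carrying a shell metacharacter.
$path    = '/usr/sbin/sendmail';
$samples = ['alice@example.org', 'alice@example.org; true'];

foreach ($samples as $sender) {
    echo "unsafe: ", build_sendmail_cmd_unsafe($path, $sender), "\n";
    try {
        echo "safe:   ", build_sendmail_cmd_safe($path, $sender), "\n";
    } catch (InvalidArgumentException $e) {
        echo "safe:   ", $e->getMessage(), "\n";
    }
}
```

The unsafe builder emits the second sample with the semicolon intact, which is exactly the input a review of class.phpmailer.php should look for; the safe builder rejects it before any command line is formed.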
--- Begin Message ---
On Sat, November 8, 2008 21:52, Thijs Kinkhorst wrote:
> I am not sure on how this would be exploited. The code execution only
> happens when choosing the 'sendmail' method of PhpMailer, which is not the
> default. I cannot find a way to configure phpgroupware to use the
> 'sendmail' method.
Closing the bug as not exploitable; we are not going to replace phpmailer
with the packaged version in stable.
Thijs
--- End Message ---