PHP Folded Mail Headers Email Header Injection Vulnerability

Ante Karamatić ivoks at grad.hr
Tue May 8 08:15:30 UTC 2007


Jim Tarvid wrote:

> http://www.securityfocus.com/bid/23145
> 
> I have 50 odd web sites some of which are getting pummeled by spammers
> because of this problem.

That bug was fixed in LTS, 6.10 and 7.04 on 23th of April:

php5 (5.1.2-1ubuntu3.7) dapper-security; urgency=low

...
   * MOPB-34.patch: mail() Header Injection (CVE-2007-1718)
...
  -- Kees Cook <kees at ubuntu.com>  Mon, 23 Apr 2007 16:38:58 -0700

Or are you trying to say that fix doesn't work for you?




More information about the ubuntu-server mailing list