Launchpad CVE tracker

CVE 2005-3883

CRLF injection vulnerability in the mb_send_mail function in PHP before 5.1.0 might allow remote attackers to inject arbitrary e-mail headers via line feeds (LF) in the "To" address argument.

Related bugs and status

CVE-2005-3883 (Candidate) is related to these bugs:

Bug #24363: php-pear: pear upgrade-all gives me Fatal error: Cannot instantiate

Summary				In	Importance	Status
	24363	php-pear: pear upgrade-all gives me Fatal error: Cannot instantiate		php5 (Ubuntu)	High	Invalid
	24363	php-pear: pear upgrade-all gives me Fatal error: Cannot instantiate		php5 (Debian)	Unknown	Fix Released

Bug #24857: PHP 5.0.5 fixes security bugs

Summary				In	Importance	Status
	24857	PHP 5.0.5 fixes security bugs		php5 (Ubuntu)	High	Fix Released
	24857	PHP 5.0.5 fixes security bugs		php5 (Debian)	Unknown	Fix Released

See the

CVE page on Mitre.org for more details.

References

CONFIRM: http://www.php.net/rel...
MISC: http://bugs.php.net/bu...
BID: 15571
SECUNIA: 17763
SECTRACK: 1015296
SECUNIA: 18054
SECUNIA: 18198
REDHAT: RHSA-2006:0276
SECUNIA: 19832
CONFIRM: http://support.avaya.c...
SECUNIA: 20951
SGI: 20060501-01-U
SECUNIA: 20210
TURBO: TLSA-2006-38
MANDRIVA: MDKSA-2005:238
VUPEN: ADV-2006-2685
UBUNTU: USN-232-1
XF: php-mbsendmail-header-...
OVAL: oval:org.mitre.oval:de...
SUSE: SUSE-SA:2005:069

Launchpad.net

CVE 2005-3883

Related bugs and status

Related bugs

References