J-Security Center

Title: XML-RPC for PHP Remote Code Injection Vulnerability

Severity: HIGH

Description:

XML-RPC for PHP is a PHP implementation of the XML-RPC remote procedure call protocol.

The XML-RPC for PHP library is affected by a remote code-injection vulnerability caused by an input-validation error.

Exploiting this vulnerability can allow remote attackers to inject malicious PHP code into any application that uses the library. Specifically, the library fails to properly sanitize the values it reads from an incoming XML request before splicing them into PHP source text that the 'parseRequest()' function passes to an 'eval()' call. A single quote in a request value terminates the string literal the library is building, so whatever follows the quote is executed as PHP.

An attacker may exploit this issue by crafting a malicious XML-RPC request and posting it to an affected site. The request is parsed before the named method is dispatched, so the flaw is reachable by anyone who can post to the XML-RPC endpoint. A successful attack allows the attacker to execute arbitrary PHP code, and through it arbitrary commands, in the context of the Web server process. This may facilitate various attacks, including unauthorized remote access.
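The following is an added example written for this advisory; it is not code from the XML-RPC for PHP project or from any product listed below. It models the flaw the description above calls out (request values spliced into PHP source text that the request parser hands to eval()) beside an eval()-free decoder, using only PHP's bundled expat binding. The handling of just <int>/<i4> and <string> parameters, the function names, and the request at the bottom are assumptions made for the demonstration; PHP 7.1 or later is assumed for the array destructuring.

```php
<?php
// Added example for this advisory; it is not code from the XML-RPC for PHP project or
// from any of the products listed below. It models the flaw the advisory describes
// (request text spliced into PHP source and eval()'d by the request parser) beside an
// eval()-free decoder. Only <int>/<i4> and <string> parameters are handled, and the
// request at the bottom is constructed for the demonstration.

/** Walk an XML-RPC methodCall with expat and return one [type, text] pair per <param>. */
function collect_params(string $xml): array {
    $params = [];
    $open   = null;   // raw name of the value element being read, or null
    $type   = null;   // normalised type of that element: 'int' or 'string'
    $buf    = '';
    $p = xml_parser_create();
    xml_parser_set_option($p, XML_OPTION_CASE_FOLDING, 0);
    xml_set_element_handler(
        $p,
        function ($parser, $name, $attrs) use (&$open, &$type, &$buf) {
            if (in_array($name, ['string', 'int', 'i4'], true)) {
                $open = $name;
                $type = ($name === 'string') ? 'string' : 'int';
                $buf  = '';
            }
        },
        function ($parser, $name) use (&$open, &$type, &$buf, &$params) {
            if ($name === $open) {
                $params[] = [$type, $buf];
                $open = null;
            }
        }
    );
    // expat may deliver the text of one element in several chunks, so accumulate it.
    xml_set_character_data_handler($p, function ($parser, $data) use (&$open, &$buf) {
        if ($open !== null) {
            $buf .= $data;
        }
    });
    if (!xml_parse($p, $xml, true)) {
        throw new RuntimeException('XML parse error: ' . xml_error_string(xml_get_error_code($p)));
    }
    xml_parser_free($p);
    return $params;
}

/** VULNERABLE: the pattern the advisory describes. Each value is wrapped in a
 *  single-quoted PHP literal with no escaping and the text is later eval()'d. */
function vulnerable_build_code(array $params): string {
    $items = [];
    foreach ($params as [$type, $text]) {
        $items[] = ($type === 'int') ? "(int)'" . $text . "'" : "'" . $text . "'";
    }
    return 'array(' . implode(', ', $items) . ')';
}

function vulnerable_decode(string $xml): array {
    $code = vulnerable_build_code(collect_params($xml));
    eval('$v = ' . $code . ';');   // a single quote inside a value ends the literal early
    return $v;
}

/** HARDENED: values are converted directly and never become PHP source text. */
function safe_decode(string $xml): array {
    $out = [];
    foreach (collect_params($xml) as [$type, $text]) {
        if ($type === 'int') {
            $text = trim($text);
            if (!preg_match('/^[+-]?\d+$/', $text)) {
                throw new InvalidArgumentException("invalid <int> value: $text");
            }
            $out[] = (int) $text;
        } else {
            $out[] = $text;
        }
    }
    return $out;
}

// Constructed request. The string parameter carries single quotes followed by a harmless
// PHP expression; a legitimate value such as O'Brien would already break the literal.
$request = '<?xml version="1.0"?>'
    . '<methodCall><methodName>demo.echo</methodName><params>'
    . '<param><value><int>42</int></value></param>'
    . "<param><value><string>x' . strtoupper('injected') . 'y</string></value></param>"
    . '</params></methodCall>';

echo vulnerable_build_code(collect_params($request)), "\n";
// array((int)'42', 'x' . strtoupper('injected') . 'y')
echo json_encode(vulnerable_decode($request)), "\n";   // [42,"xINJECTEDy"]  <- request text ran as PHP
echo json_encode(safe_decode($request)), "\n";         // [42,"x' . strtoupper('injected') . 'y"]
```

Run it with the PHP command-line interpreter. The generated source line shows the problem directly: the request value leaves the quoted literal and the remainder is ordinary PHP, which eval() executes. Escaping backslashes and single quotes before splicing closes this particular hole, but the durable fix is the second decoder's approach of building values from the parsed XML and never evaluating request-derived text at all.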

XML-RPC for PHP 1.1 and prior versions are affected by this issue; XML-RPC for PHP 1.1.1 and later address it. Any application that bundles the library is also affected, whether or not it appears in the list below. The PEAR XML_RPC package, which is derived from the same code, is reportedly vulnerable as well (addressed in PEAR XML_RPC 1.3.1).
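Because the vulnerable code travels inside so many applications, a deployment check is worth more than the product list alone. The script below is an added example, not part of this advisory or of any vendor's code: it walks a directory tree, picks out copies of the two libraries' source files, and reports those whose code still contains an eval() call, the decoding pattern the description above identifies. The file names it looks for (xmlrpc.inc and xmlrpcs.inc for XML-RPC for PHP; XML/RPC.php and XML/RPC/Server.php for PEAR XML_RPC) and the function names are this example's assumptions.

```php
<?php
// Added example, not from the advisory or any vendor. Scans a directory tree for copies
// of the XML-RPC library files and reports those whose source still contains an eval()
// call, which is the decoding pattern the advisory describes. The file names are the ones
// the two libraries ship under (xmlrpc.inc/xmlrpcs.inc for XML-RPC for PHP, XML/RPC.php
// and XML/RPC/Server.php for PEAR XML_RPC); that mapping is this example's assumption.

/** True for a path that looks like one of the two libraries' source files. */
function is_xmlrpc_library_file(SplFileInfo $file): bool {
    $name = $file->getFilename();
    if ($name === 'xmlrpc.inc' || $name === 'xmlrpcs.inc') {
        return true;
    }
    // PEAR installs the package under XML/, so require that directory for the generic names.
    $path = str_replace('\\', '/', $file->getPathname());
    return preg_match('#/XML/(RPC\.php|RPC/Server\.php)$#', $path) === 1;
}

/** Line numbers of eval() calls in PHP source. Uses the tokenizer so that comments and
 *  string literals that merely mention eval are not counted. */
function eval_lines(string $source): array {
    $lines = [];
    foreach (token_get_all($source) as $tok) {
        if (is_array($tok) && $tok[0] === T_EVAL) {
            $lines[] = $tok[2];
        }
    }
    return $lines;
}

/** Map of path => eval() line numbers for library files under $root that still eval(). */
function find_eval_xmlrpc(string $root): array {
    $hits = [];
    $iter = new RecursiveIteratorIterator(
        new RecursiveDirectoryIterator($root, FilesystemIterator::SKIP_DOTS),
        RecursiveIteratorIterator::LEAVES_ONLY,
        RecursiveIteratorIterator::CATCH_GET_CHILD   // keep going past unreadable directories
    );
    foreach ($iter as $file) {
        if (!$file->isFile() || !$file->isReadable() || !is_xmlrpc_library_file($file)) {
            continue;
        }
        $lines = eval_lines(file_get_contents($file->getPathname()));
        if ($lines !== []) {
            $hits[$file->getPathname()] = $lines;
        }
    }
    ksort($hits);
    return $hits;
}

// Command-line entry point: php find_eval_xmlrpc.php /var/www  (script name is hypothetical)
if (PHP_SAPI === 'cli' && isset($argv[1])) {
    $hits = find_eval_xmlrpc($argv[1]);
    foreach ($hits as $path => $lines) {
        printf("%s: eval() at line(s) %s\n", $path, implode(', ', $lines));
    }
    exit($hits === [] ? 0 : 1);
}
```

A hit means that copy still decodes requests through eval() and should be compared against the vendor's fixed release; an interim fix that kept eval() but escaped quotes will still be reported, which is the conservative outcome for an audit. A clean scan does not prove a host is safe if the library was installed under a renamed file, so pair this with the package manager's version data where the products below were installed from distribution packages.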

Update (November 7, 2005): Reports indicate that the 'Linux.Plupii' worm uses this vulnerability to propagate.

Affected Products:

  • Ampache Ampache 3.2.0
  • Ampache Ampache 3.2.1
  • Ampache Ampache 3.2.2
  • Ampache Ampache 3.2.3
  • Ampache Ampache 3.2.4
  • Ampache Ampache 3.3.0
  • Ampache Ampache 3.3.1
  • Apple Mac OS X 10.0.0
  • Apple Mac OS X 10.0.1
  • Apple Mac OS X 10.0.2
  • Apple Mac OS X 10.0.3
  • Apple Mac OS X 10.0.4
  • Apple Mac OS X 10.1.0
  • Apple Mac OS X 10.1.1
  • Apple Mac OS X 10.1.2
  • Apple Mac OS X 10.1.3
  • Apple Mac OS X 10.1.4
  • Apple Mac OS X 10.1.5
  • BLOG:CMS BLOG:CMS 3.6.2
  • BLOG:CMS BLOG:CMS 3.6.4
  • Caldera OpenLinux Server 3.1.0
  • Caldera OpenLinux Server 3.1.1
  • Caldera OpenLinux Workstation 3.1.0
  • Caldera OpenLinux Workstation 3.1.1
  • CivicSpace Labs CivicSpace 0.7.2
  • CivicSpace Labs CivicSpace 0.8.0 .0.2
  • CivicSpace Labs CivicSpace 0.8.0 .0.3
  • CivicSpace Labs CivicSpace 0.8.0 .0.4
  • CivicSpace Labs CivicSpace 0.8.0 .0.5
  • CivicSpace Labs CivicSpace 0.8.1
  • Compaq Compaq Secure Web Server PHP 1.0.0
  • Conectiva Linux 10.0.0
  • Conectiva Linux 6.0.0
  • Conectiva Linux 7.0.0
  • Conectiva Linux 9.0.0
  • Debian Linux 2.2.0
  • Debian Linux 2.2.0 68k
  • Debian Linux 2.2.0 IA-32
  • Debian Linux 2.2.0 alpha
  • Debian Linux 2.2.0 arm
  • Debian Linux 2.2.0 powerpc
  • Debian Linux 2.2.0 sparc
  • Debian Linux 3.0.0
  • Debian Linux 3.0.0 alpha
  • Debian Linux 3.0.0 arm
  • Debian Linux 3.0.0 hppa
  • Debian Linux 3.0.0 ia-32
  • Debian Linux 3.0.0 ia-64
  • Debian Linux 3.0.0 m68k
  • Debian Linux 3.0.0 mips
  • Debian Linux 3.0.0 mipsel
  • Debian Linux 3.0.0 ppc
  • Debian Linux 3.0.0 s/390
  • Debian Linux 3.0.0 sparc
  • Debian Linux 3.1.0
  • Debian Linux 3.1.0 alpha
  • Debian Linux 3.1.0 amd64
  • Debian Linux 3.1.0 arm
  • Debian Linux 3.1.0 hppa
  • Debian Linux 3.1.0 ia-32
  • Debian Linux 3.1.0 ia-64
  • Debian Linux 3.1.0 m68k
  • Debian Linux 3.1.0 mips
  • Debian Linux 3.1.0 mipsel
  • Debian Linux 3.1.0 ppc
  • Debian Linux 3.1.0 s/390
  • Debian Linux 3.1.0 sparc
  • Drupal Drupal 4.5.0
  • Drupal Drupal 4.5.1
  • Drupal Drupal 4.5.2
  • Drupal Drupal 4.5.3
  • Drupal Drupal 4.6.0
  • Drupal Drupal 4.6.1
  • Easy Software Products CUPS 1.1.20
  • EnGarde Secure Linux 1.0.1
  • FreeMed Software FreeMed 0.8.0 .0
  • FreeMed Software FreeMed 0.8.1
  • Gentoo Linux
  • Gentoo Linux 1.2.0
  • Gentoo Linux 1.4.0
  • Gentoo Linux 1.4.0 _rc1
  • Guardian Digital Engarde Secure Linux 1.0.1
  • HP Secure OS software for Linux 1.0.0
  • HP Tru64 5.1.0 A PK6
  • HP Tru64 5.1.0 B-2 PK4
  • HP Tru64 5.1.0 B-3
  • Linux kernel 2.4.19
  • Linux kernel 2.4.21
  • Linux kernel 2.6.5
  • MAXdev MD-Pro 1.0.72
  • MailWatch for MailScanner MailWatch for MailScanner 0.4.0
  • MailWatch for MailScanner MailWatch for MailScanner 0.5.0
  • MailWatch for MailScanner MailWatch for MailScanner 0.5.1
  • MailWatch for MailScanner MailWatch for MailScanner 1.0.0
  • MandrakeSoft Corporate Server 1.0.1
  • MandrakeSoft Corporate Server 2.1.0
  • MandrakeSoft Corporate Server 2.1.0 x86_64
  • MandrakeSoft Corporate Server 3.0.0
  • MandrakeSoft Corporate Server 3.0.0 x86_64
  • MandrakeSoft Linux Mandrake 10.0.0
  • MandrakeSoft Linux Mandrake 10.0.0 amd64
  • MandrakeSoft Linux Mandrake 10.1.0
  • MandrakeSoft Linux Mandrake 10.1.0 x86_64
  • MandrakeSoft Linux Mandrake 10.2.0
  • MandrakeSoft Linux Mandrake 10.2.0 x86_64
  • MandrakeSoft Linux Mandrake 7.1.0
  • MandrakeSoft Linux Mandrake 7.2.0
  • MandrakeSoft Linux Mandrake 8.0.0
  • MandrakeSoft Linux Mandrake 8.0.0 ppc
  • MandrakeSoft Linux Mandrake 8.1.0
  • MandrakeSoft Linux Mandrake 8.1.0 ia64
  • MandrakeSoft Linux Mandrake 8.2.0
  • MandrakeSoft Linux Mandrake 8.2.0 ppc
  • MandrakeSoft Linux Mandrake 9.0.0
  • MandrakeSoft Linux Mandrake 9.1.0
  • MandrakeSoft Linux Mandrake 9.1.0 ppc
  • MandrakeSoft Multi Network Firewall 2.0.0
  • MandrakeSoft Single Network Firewall 7.2.0
  • MySQL AB Eventum 1.5.4
  • Nucleus CMS Nucleus CMS 3.0.0
  • Nucleus CMS Nucleus CMS 3.0.0 1
  • Nucleus CMS Nucleus CMS 3.0.0 RC
  • Nucleus CMS Nucleus CMS 3.1.0
  • Nucleus CMS Nucleus CMS 3.2.0
  • OpenPKG OpenPKG 1.1.0
  • OpenPKG OpenPKG Current
  • PEAR XML_RPC 1.3.0
  • PEAR XML_RPC 1.3.0 RC1
  • PEAR XML_RPC 1.3.0 RC2
  • PEAR XML_RPC 1.3.0 RC3
  • PHP PHP 4.0.0 0
  • PHP PHP 4.0.1
  • PHP PHP 4.0.1 pl1
  • PHP PHP 4.0.1 pl2
  • PHP PHP 4.0.2
  • PHP PHP 4.0.3
  • PHP PHP 4.0.3 pl1
  • PHP PHP 4.0.4
  • PHP PHP 4.0.5
  • PHP PHP 4.0.6
  • PHP PHP 4.0.7
  • PHP PHP 4.0.7 RC1
  • PHP PHP 4.0.7 RC2
  • PHP PHP 4.0.7 RC3
  • PHP PHP 4.1.0 .0
  • PHP PHP 4.1.1
  • PHP PHP 4.1.2
  • PHP PHP 4.2.0 -dev
  • PHP PHP 4.2.0 .0
  • PHP PHP 4.2.1
  • PHP PHP 4.2.2
  • PHP PHP 4.2.3
  • PHP PHP 4.3.0
  • PHP PHP 4.3.1
  • PHP PHP 4.3.10
  • PHP PHP 4.3.11
  • PHP PHP 4.3.2
  • PHP PHP 4.3.3
  • PHP PHP 4.3.4
  • PHP PHP 4.3.5
  • PHP PHP 4.3.6
  • PHP PHP 4.3.7
  • PHP PHP 4.3.8
  • PHP PHP 4.3.9
  • PHP-Wiki PHP-Wiki 1.2.0
  • PHP-Wiki PHP-Wiki 1.2.1
  • PHP-Wiki PHP-Wiki 1.2.2
  • PHP-Wiki PHP-Wiki 1.3.1
  • PHP-Wiki PHP-Wiki 1.3.10
  • PHP-Wiki PHP-Wiki 1.3.11 _rc2
  • PHP-Wiki PHP-Wiki 1.3.11 _rc3
  • PHP-Wiki PHP-Wiki 1.3.2
  • PHP-Wiki PHP-Wiki 1.3.3
  • PHP-Wiki PHP-Wiki 1.3.9
  • PHPGroupWare PHPGroupWare 0.9.12
  • PHPGroupWare PHPGroupWare 0.9.13
  • PHPGroupWare PHPGroupWare 0.9.14
  • PHPGroupWare PHPGroupWare 0.9.14 .001
  • PHPGroupWare PHPGroupWare 0.9.14 .002
  • PHPGroupWare PHPGroupWare 0.9.14 .004
  • PHPGroupWare PHPGroupWare 0.9.14.003
  • PHPGroupWare PHPGroupWare 0.9.14.005
  • PHPGroupWare PHPGroupWare 0.9.14.006
  • PHPGroupWare PHPGroupWare 0.9.14.007
  • PHPGroupWare PHPGroupWare 0.9.16 .000
  • PHPGroupWare PHPGroupWare 0.9.16 .002
  • PHPGroupWare PHPGroupWare 0.9.16 .003
  • PHPGroupWare PHPGroupWare 0.9.16 .005
  • PHPGroupWare PHPGroupWare 0.9.16 .006
  • PHPGroupWare PHPGroupWare 0.9.16 RC2
  • PHPGroupWare PHPGroupWare 0.9.16 RC3
  • PHPGroupWare PHPGroupWare 0.9.16RC1
  • PostNuke Development Team PostNuke 0.75.0
  • PostNuke Development Team PostNuke 0.76.0 RC4
  • PostNuke Development Team PostNuke 0.76.0 RC4a
  • PostNuke Development Team PostNuke 0.76.0 RC4b
  • RedHat Desktop 3.0.0
  • RedHat Desktop 4.0.0
  • RedHat Enterprise Linux AS 3
  • RedHat Enterprise Linux AS 4
  • RedHat Enterprise Linux ES 3
  • RedHat Enterprise Linux ES 4
  • RedHat Enterprise Linux WS 3
  • RedHat Enterprise Linux WS 4
  • RedHat Fedora Core1
  • RedHat Fedora Core2
  • RedHat Fedora Core3
  • RedHat Fedora Core4
  • RedHat Linux 6.2.0
  • RedHat Linux 6.2.0 alpha
  • RedHat Linux 6.2.0 i386
  • RedHat Linux 6.2.0 sparc
  • RedHat Linux 7.0.0
  • RedHat Linux 7.0.0 alpha
  • RedHat Linux 7.0.0 i386
  • RedHat Linux 7.1.0
  • RedHat Linux 7.1.0 alpha
  • RedHat Linux 7.1.0 i386
  • RedHat Linux 7.1.0 ia64
  • RedHat Linux 7.2.0
  • RedHat Linux 7.2.0 i386
  • RedHat Linux 7.2.0 ia64
  • RedHat Linux 8.0.0
  • RedHat Linux 8.0.0 i386
  • S.u.S.E. Linux 6.4.0
  • S.u.S.E. Linux 6.4.0 alpha
  • S.u.S.E. Linux 6.4.0 i386
  • S.u.S.E. Linux 6.4.0 ppc
  • S.u.S.E. Linux 7.0.0
  • S.u.S.E. Linux 7.0.0 alpha
  • S.u.S.E. Linux 7.0.0 i386
  • S.u.S.E. Linux 7.0.0 ppc
  • S.u.S.E. Linux 7.0.0 sparc
  • S.u.S.E. Linux 7.1.0
  • S.u.S.E. Linux 7.1.0 alpha
  • S.u.S.E. Linux 7.1.0 ppc
  • S.u.S.E. Linux 7.1.0 sparc
  • S.u.S.E. Linux 7.1.0 x86
  • S.u.S.E. Linux 7.2.0
  • S.u.S.E. Linux 7.2.0 i386
  • S.u.S.E. Linux 7.3.0
  • S.u.S.E. Linux 7.3.0 i386
  • S.u.S.E. Linux 7.3.0 ppc
  • S.u.S.E. Linux 7.3.0 sparc
  • S.u.S.E. Linux 8.0.0
  • S.u.S.E. Linux 8.0.0 i386
  • S.u.S.E. Linux 8.1.0
  • S.u.S.E. Linux Desktop 1.0.0
  • S.u.S.E. Linux Enterprise Server 8
  • S.u.S.E. Linux Enterprise Server 9
  • S.u.S.E. Linux Personal 8.2.0
  • S.u.S.E. Linux Personal 9.0.0
  • S.u.S.E. Linux Personal 9.0.0 x86_64
  • S.u.S.E. Linux Personal 9.1.0
  • S.u.S.E. Linux Personal 9.1.0 x86_64
  • S.u.S.E. Linux Personal 9.2.0
  • S.u.S.E. Linux Personal 9.2.0 x86_64
  • S.u.S.E. Linux Personal 9.3.0
  • S.u.S.E. Linux Personal 9.3.0 x86_64
  • S.u.S.E. Linux Professional 8.2.0
  • S.u.S.E. Linux Professional 9.0.0
  • S.u.S.E. Linux Professional 9.0.0 x86_64
  • S.u.S.E. Linux Professional 9.1.0
  • S.u.S.E. Linux Professional 9.1.0 x86_64
  • S.u.S.E. Linux Professional 9.2.0
  • S.u.S.E. Linux Professional 9.2.0 x86_64
  • S.u.S.E. Linux Professional 9.3.0
  • S.u.S.E. Linux Professional 9.3.0 x86_64
  • S.u.S.E. Novell Linux Desktop 9.0.0
  • S.u.S.E. Open-Enterprise-Server 9.0.0
  • S.u.S.E. SUSE LINUX Retail Solution 8.0.0
  • S.u.S.E. SuSE Linux Openexchange Server 4.0.0
  • S.u.S.E. SuSE Linux School Server for i386
  • S.u.S.E. SuSE Linux Standard Server 8.0.0
  • S9Y Serendipity 0.8.0
  • S9Y Serendipity 0.8.0 -beta5
  • S9Y Serendipity 0.8.0 -beta6
  • S9Y Serendipity 0.8.0 -beta6 Snapshot
  • S9Y Serendipity 0.8.1
  • SGI ProPack 3.0.0 SP6
  • Seagull PHP Framework Seagull PHP Framework 0.4.0
  • Seagull PHP Framework Seagull PHP Framework 0.4.0 dev1
  • Seagull PHP Framework Seagull PHP Framework 0.4.0 dev2
  • Seagull PHP Framework Seagull PHP Framework 0.4.0 dev3
  • Seagull PHP Framework Seagull PHP Framework 0.4.1
  • Seagull PHP Framework Seagull PHP Framework 0.4.2
  • Seagull PHP Framework Seagull PHP Framework 0.4.3
  • Slackware Linux 8.1.0
  • Sun Cobalt Control Station 4100CS
  • Sun Cobalt Qube3 4000WG
  • Sun Cobalt Qube3 Japanese 4000WGJ
  • Sun Cobalt Qube3 Japanese w/ Caching and RAID 4100WGJ
  • Sun Cobalt Qube3 Japanese w/Caching 4010WGJ
  • Sun Cobalt Qube3 w/ Caching and RAID 4100WG
  • Sun Cobalt Qube3 w/Caching 4010WG
  • Sun Cobalt RaQ 550
  • Sun Cobalt RaQ XTR 3500R
  • Sun Cobalt RaQ XTR Japanese 3500R-ja
  • Sun Cobalt RaQ4 3001R
  • Sun Cobalt RaQ4 Japanese RAID 3100R-ja
  • Sun Cobalt RaQ4 RAID 3100R
  • Sun LX50
  • TikiWiki Project TikiWiki 1.6.1
  • TikiWiki Project TikiWiki 1.7.1 .1
  • TikiWiki Project TikiWiki 1.7.2
  • TikiWiki Project TikiWiki 1.7.3
  • TikiWiki Project TikiWiki 1.7.4
  • TikiWiki Project TikiWiki 1.7.5
  • TikiWiki Project TikiWiki 1.7.6
  • TikiWiki Project TikiWiki 1.7.7
  • TikiWiki Project TikiWiki 1.7.8
  • TikiWiki Project TikiWiki 1.7.9
  • TikiWiki Project TikiWiki 1.8.0
  • TikiWiki Project TikiWiki 1.8.1
  • TikiWiki Project TikiWiki 1.8.2
  • TikiWiki Project TikiWiki 1.8.3
  • TikiWiki Project TikiWiki 1.8.4
  • Trustix Secure Enterprise Linux 2.0.0
  • Trustix Secure Linux 1.5.0
  • Trustix Secure Linux 2.0.0
  • Trustix Secure Linux 2.1.0
  • Trustix Secure Linux 2.2.0
  • Trustix Secure Linux 3.0.0
  • Turbolinux Home
  • Turbolinux Turbolinux 10 F...
  • Turbolinux Turbolinux Desktop 10.0.0
  • Turbolinux Turbolinux Server 10.0.0
  • Turbolinux Turbolinux Server 7.0.0
  • Turbolinux Turbolinux Server 8.0.0
  • Turbolinux Turbolinux Workstation 7.0.0
  • Turbolinux Turbolinux Workstation 8.0.0
  • Ubuntu Ubuntu Linux 4.1.0 ia32
  • Ubuntu Ubuntu Linux 4.1.0 ia64
  • Ubuntu Ubuntu Linux 4.1.0 ppc
  • Ubuntu Ubuntu Linux 5.0.0 4 amd64
  • Ubuntu Ubuntu Linux 5.0.0 4 i386
  • Ubuntu Ubuntu Linux 5.0.0 4 powerpc
  • WordPress WordPress 0.7.0
  • WordPress WordPress 0.71.0
  • WordPress WordPress 1.2.0
  • WordPress WordPress 1.2.1
  • WordPress WordPress 1.2.2
  • WordPress WordPress 1.5.0
  • WordPress WordPress 1.5.1
  • WordPress WordPress 1.5.1 .2
  • XML-RPC for PHP XML-RPC for PHP 1.0.0
  • XML-RPC for PHP XML-RPC for PHP 1.0.0 1
  • XML-RPC for PHP XML-RPC for PHP 1.0.0 2
  • XML-RPC for PHP XML-RPC for PHP 1.0.99
  • XML-RPC for PHP XML-RPC for PHP 1.0.99 .2
  • XML-RPC for PHP XML-RPC for PHP 1.1.0
  • Xoops Xoops 2.0.0
  • Xoops Xoops 2.0.1
  • Xoops Xoops 2.0.10
  • Xoops Xoops 2.0.11
  • Xoops Xoops 2.0.12
  • Xoops Xoops 2.0.2
  • Xoops Xoops 2.0.3
  • Xoops Xoops 2.0.5
  • Xoops Xoops 2.0.5.1
  • Xoops Xoops 2.0.5.2
  • Xoops Xoops 2.0.9 .2
  • Xoops Xoops 2.0.9 .3
  • Xpdf Xpdf 3.0.0 0
  • b2evolution b2evolution 0.8.2
  • b2evolution b2evolution 0.8.2.2
  • b2evolution b2evolution 0.8.6
  • b2evolution b2evolution 0.8.6.1
  • b2evolution b2evolution 0.8.6.2
  • b2evolution b2evolution 0.8.7
  • b2evolution b2evolution 0.8.9
  • b2evolution b2evolution 0.9.0.0.03
  • b2evolution b2evolution 0.9.0.0.05
  • b2evolution b2evolution 0.9.0.0.08
  • b2evolution b2evolution 0.9.0.0.09
  • b2evolution b2evolution 0.9.0.0.10
  • b2evolution b2evolution 0.9.0.0.11
  • b2evolution b2evolution 0.9.0.0.12
  • eGroupWare eGroupWare 1.0.0 .0.007
  • eGroupWare eGroupWare 1.0.1
  • eGroupWare eGroupWare 1.0.3
  • eGroupWare eGroupWare 1.0.6
  • libpng libpng 1.0.15
  • libpng libpng3 1.2.5
  • phpAdsNew phpAdsNew 0.0.02 dev 09102001
  • phpAdsNew phpAdsNew 0.0.02 dev 30092001
  • phpAdsNew phpAdsNew 2.0.0 beta 6
  • phpAdsNew phpAdsNew 2.0.0beta 5
  • phpAdsNew phpAdsNew 2.0.4 -pr1
  • phpAdsNew phpAdsNew 2.0.4 -pr2
  • phpMyFAQ phpMyFAQ 1.4.0
  • phpMyFAQ phpMyFAQ 1.4.0 -alpha 1
  • phpMyFAQ phpMyFAQ 1.4.0 -alpha 2
  • phpMyFAQ phpMyFAQ 1.4.0 a
  • phpMyFAQ phpMyFAQ 1.4.1
  • phpMyFAQ phpMyFAQ 1.4.2
  • phpMyFAQ phpMyFAQ 1.4.3
  • phpMyFAQ phpMyFAQ 1.4.4
  • phpMyFAQ phpMyFAQ 1.4.5
  • phpMyFAQ phpMyFAQ 1.4.6
  • phpMyFAQ phpMyFAQ 1.4.7
  • phpMyFAQ phpMyFAQ 1.4.8
  • phpMyFAQ phpMyFAQ 1.5.0 Beta3
  • phpMyFAQ phpMyFAQ 1.5.0 RC1
  • phpMyFAQ phpMyFAQ 1.5.0 RC2
  • phpMyFAQ phpMyFAQ 1.5.0 RC3
  • phpMyFAQ phpMyFAQ 1.5.0 RC4
  • phpMyFAQ phpMyFAQ 1.5.0 alpha1
  • phpMyFAQ phpMyFAQ 1.5.0 alpha2
  • phpMyFAQ phpMyFAQ 1.5.0 beta1
  • phpMyFAQ phpMyFAQ 1.5.0 beta2
  • phpPgAds phpPgAds 2.0.0
  • phpPgAds phpPgAds 2.0.6
  • phpWebsite phpWebsite 0.10.0
  • phpWebsite phpWebsite 0.10.1
  • phpWebsite phpWebsite 0.9.3
  • phpWebsite phpWebsite 0.9.3 -1
  • phpWebsite phpWebsite 0.9.3 -2
  • phpWebsite phpWebsite 0.9.3 -3
  • phpWebsite phpWebsite 0.9.3 -4

References:

Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.