• Product Information
• Security Products Overview
• Juniper Networks ISG Series
• IDP Demo
• Product Poster & Z-Card 

Title: PHP Filter_Var FILTER_VALIDATE_EMAIL Newline Injection Vulnerability

Severity: MODERATE

Description:

PHP is a general-purpose scripting language that is especially suited for web development and can be embedded into HTML. PHP has a 'filter_var()' function that is designed to sanitize user-supplied input for various purposes. The 'FILTER_VALIDATE_EMAIL' option is designed to ensure that supplied input is a valid email address.

PHP is prone to an email-newline-injection vulnerability because it fails to properly sanitize user-supplied input.

Specifically, the 'filter_var()' function fails to properly use regular-expression matching options when filtering user-supplied input. This allows attackers to include a single newline character at the end of email addresses.

When a PHP application constructs email messages using the attacker-supplied input, it may potentially allow attackers to inject arbitrary email. Note that this outcome heavily depends on the design of the PHP application that uses the affected filter functionality.

Exploiting this issue may allow attackers to create arbitrary email headers, and then create and transmit spam messages from the affected computer.

Affected Products:

• Debian Linux 4.0
• Debian Linux 4.0 alpha
• Debian Linux 4.0 amd64
• Debian Linux 4.0 arm
• Debian Linux 4.0 hppa
• Debian Linux 4.0 ia-32
• Debian Linux 4.0 ia-64
• Debian Linux 4.0 m68k
• Debian Linux 4.0 mips
• Debian Linux 4.0 mipsel
• Debian Linux 4.0 powerpc
• Debian Linux 4.0 s/390
• Debian Linux 4.0 sparc
• Gentoo Linux
• HP HP-UX B.11.11
• HP HP-UX B.11.23
• HP HP-UX B.11.31
• Linux kernel 2.4.19
• Linux kernel 2.4.21
• Linux kernel 2.6.5
• MandrakeSoft Corporate Server 3.0.0
• MandrakeSoft Corporate Server 3.0.0 x86_64
• MandrakeSoft Corporate Server 4.0
• MandrakeSoft Corporate Server 4.0.0 x86_64
• MandrakeSoft Multi Network Firewall 2.0.0
• PHP PHP 5.2
• PHP PHP 5.2.1
• PHP PHP 5.2.2
• S.u.S.E. Linux 10.0 ppc
• S.u.S.E. Linux 10.0 x86
• S.u.S.E. Linux 10.0 x86-64
• S.u.S.E. Linux 10.1 ppc
• S.u.S.E. Linux 10.1 x86
• S.u.S.E. Linux 10.1 x86-64
• S.u.S.E. Linux 9.3 x86
• S.u.S.E. Linux 9.3 x86-64
• S.u.S.E. Linux Enterprise SDK 10
• S.u.S.E. Linux Enterprise Server 10
• S.u.S.E. Linux Enterprise Server 8
• S.u.S.E. Linux Enterprise Server 9
• S.u.S.E. Linux Openexchange Server
• S.u.S.E. Linux Personal 10.0.0 OSS
• S.u.S.E. Linux Personal 10.1
• S.u.S.E. Linux Personal 10.2
• S.u.S.E. Linux Personal 10.2 x86_64
• S.u.S.E. Linux Personal 9.3.0
• S.u.S.E. Linux Personal 9.3.0 x86_64
• S.u.S.E. Linux Professional 10.0.0
• S.u.S.E. Linux Professional 10.0.0 OSS
• S.u.S.E. Linux Professional 10.1
• S.u.S.E. Linux Professional 10.2
• S.u.S.E. Linux Professional 10.2 x86_64
• S.u.S.E. Linux Professional 9.3.0
• S.u.S.E. Linux Professional 9.3.0 x86_64
• S.u.S.E. Novell Linux POS 9
• S.u.S.E. Open-Enterprise-Server
• S.u.S.E. SLE SDK 10
• S.u.S.E. SUSE LINUX Retail Solution 8.0.0
• S.u.S.E. SUSE Linux Enterprise Desktop 10
• S.u.S.E. SUSE Linux Enterprise Server 10
• S.u.S.E. SuSE Linux Openexchange Server 4.0.0
• S.u.S.E. SuSE Linux School Server for i386
• S.u.S.E. SuSE Linux Standard Server 8.0.0
• S.u.S.E. UnitedLinux 1.0.0
• S.u.S.E. openSUSE 10.2
• Slackware Linux -current
• Slackware Linux 10.2.0
• Slackware Linux 11.0
• Trustix Operating System Enterprise Server 2.0
• Trustix Secure Linux 2.0.0
• Trustix Secure Linux 3.0.0
• Trustix Secure Linux 3.0.5
• Ubuntu Ubuntu Linux 6.06 LTS amd64
• Ubuntu Ubuntu Linux 6.06 LTS i386
• Ubuntu Ubuntu Linux 6.06 LTS powerpc
• Ubuntu Ubuntu Linux 6.06 LTS sparc
• Ubuntu Ubuntu Linux 6.10 amd64
• Ubuntu Ubuntu Linux 6.10 i386
• Ubuntu Ubuntu Linux 6.10 powerpc
• Ubuntu Ubuntu Linux 6.10 sparc
• Ubuntu Ubuntu Linux 7.04 amd64
• Ubuntu Ubuntu Linux 7.04 i386
• Ubuntu Ubuntu Linux 7.04 powerpc
• Ubuntu Ubuntu Linux 7.04 sparc

References:

• MOPB: PMOPB-45-2007:PHP ext/filter Email Validation Vulnerability
• PHP: ChangeLog Version 5.2.3
• PHP: PHP Homepage
• SUSE: SUSE Security Announcement: php4,php5 security problems (SUSE-SA:2007:032)

Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.