Server Warning: Possible Injection backup_migrate/includes/destinations.email.inc [#1766250]

Posted by bluecafe on September 1, 2012 at 6:58am

3 followers

Issue Summary

Aug 30 20:16:04 XXX-server suhosin[29703]: ALERT - mail() - double newline in headers, possible injection, mail dropped (attacker '198.232.250.55', file '/srv/www/virtual/xxxxxxxx.de/htdocs/sites/all/modules/backup_migrate/includes/destinations.email.inc', line 138)

Got this message in my server log. As you can imagine I am concerned about a possible security hole. Any advice is appreciated. Thanks.

Comments

#1

Posted by Leiph on November 15, 2012 at 1:34pm

Category:

support request

» bug report

I double this.

Email is not sent.

Message;
Warning: mail() [function.mail]: mail() - double newline in headers, possible injection, mail dropped i mime_mail->send() (line 138 .../sites/all/modules/backup_migrate/includes/destinations.email.inc).

I doubt that this is an attack since the error message persist regardless of host or site.

Changing to 'bug report'.

#2

Posted by ronan on May 14, 2013 at 6:53pm

Status:

active

» closed (duplicate)

Dupe of #1503202: Suhosin refuses sending mail because of to many new lines in mail header (possible attacker)

Project:	Backup and Migrate
Version:	7.x-2.4
Component:	Miscellaneous
Category:	bug report
Priority:	critical
Assigned:	Unassigned
Status:	closed (duplicate)

Server Warning: Possible Injection backup_migrate/includes/destinations.email.inc

Jump to:

Issue Summary

Comments

#1

#2