CVE-2002-0985

Argument injection vulnerability in the mail function for PHP 4.x to 4.2.2 may allow attackers to bypass safe mode restrictions and modify command line arguments to the MTA (e.g. sendmail) in the 5th argument to mail(), altering MTA behavior and possibly executing commands.
References
Link Resource
ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2003-008.0.txt Broken Link
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000545 Broken Link
http://marc.info/?l=bugtraq&m=103011916928204&w=2 Third Party Advisory
http://marc.info/?l=bugtraq&m=105760591228031&w=2 Third Party Advisory
http://www.debian.org/security/2002/dsa-168 Broken Link Patch Vendor Advisory
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:082 Broken Link
http://www.novell.com/linux/security/advisories/2002_036_modphp4.html Broken Link
http://www.osvdb.org/2111 Broken Link
http://www.redhat.com/support/errata/RHSA-2002-213.html Broken Link Patch Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2002-214.html Broken Link
http://www.redhat.com/support/errata/RHSA-2002-243.html Broken Link
http://www.redhat.com/support/errata/RHSA-2002-244.html Broken Link
http://www.redhat.com/support/errata/RHSA-2002-248.html Broken Link
http://www.redhat.com/support/errata/RHSA-2003-159.html Broken Link
https://exchange.xforce.ibmcloud.com/vulnerabilities/9966 Third Party Advisory VDB Entry
Configurations

Configuration 1

cpe:2.3:a:php:php:*:*:*:*:*:*:*:*

Configuration 2

OR cpe:2.3:a:openpkg:openpkg:1.1:*:*:*:*:*:*:*
cpe:2.3:a:openpkg:openpkg:1.2:*:*:*:*:*:*:*

History

20 Nov 2024, 23:40

Type Values Removed Values Added
References () ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2003-008.0.txt - Broken Link () ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2003-008.0.txt - Broken Link
References () http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000545 - Broken Link () http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000545 - Broken Link
References () http://marc.info/?l=bugtraq&m=103011916928204&w=2 - Third Party Advisory () http://marc.info/?l=bugtraq&m=103011916928204&w=2 - Third Party Advisory
References () http://marc.info/?l=bugtraq&m=105760591228031&w=2 - Third Party Advisory () http://marc.info/?l=bugtraq&m=105760591228031&w=2 - Third Party Advisory
References () http://www.debian.org/security/2002/dsa-168 - Broken Link, Patch, Vendor Advisory () http://www.debian.org/security/2002/dsa-168 - Broken Link, Patch, Vendor Advisory
References () http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:082 - Broken Link () http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:082 - Broken Link
References () http://www.novell.com/linux/security/advisories/2002_036_modphp4.html - Broken Link () http://www.novell.com/linux/security/advisories/2002_036_modphp4.html - Broken Link
References () http://www.osvdb.org/2111 - Broken Link () http://www.osvdb.org/2111 - Broken Link
References () http://www.redhat.com/support/errata/RHSA-2002-213.html - Broken Link, Patch, Vendor Advisory () http://www.redhat.com/support/errata/RHSA-2002-213.html - Broken Link, Patch, Vendor Advisory
References () http://www.redhat.com/support/errata/RHSA-2002-214.html - Broken Link () http://www.redhat.com/support/errata/RHSA-2002-214.html - Broken Link
References () http://www.redhat.com/support/errata/RHSA-2002-243.html - Broken Link () http://www.redhat.com/support/errata/RHSA-2002-243.html - Broken Link
References () http://www.redhat.com/support/errata/RHSA-2002-244.html - Broken Link () http://www.redhat.com/support/errata/RHSA-2002-244.html - Broken Link
References () http://www.redhat.com/support/errata/RHSA-2002-248.html - Broken Link () http://www.redhat.com/support/errata/RHSA-2002-248.html - Broken Link
References () http://www.redhat.com/support/errata/RHSA-2003-159.html - Broken Link () http://www.redhat.com/support/errata/RHSA-2003-159.html - Broken Link
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/9966 - Third Party Advisory, VDB Entry () https://exchange.xforce.ibmcloud.com/vulnerabilities/9966 - Third Party Advisory, VDB Entry

13 Feb 2024, 18:00

Type Values Removed Values Added
CPE cpe:2.3:a:php:php:4.1.1:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.0.3:patch1:*:*:*:*:*:*
cpe:2.3:a:php:php:4.0.3:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.1.0:*:*:*:*:*:*:*
cpe:2.3:a:php:php:3.0.18:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.0:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.0.4:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.2.1:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.0.5:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.1.2:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.0.2:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.0.1:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.2.0:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.0.7:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.2.2:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.0.6:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.0.1:patch1:*:*:*:*:*:*
cpe:2.3:a:php:php:4.0.1:patch2:*:*:*:*:*:*
cpe:2.3:a:openpkg:openpkg:1.1:*:*:*:*:*:*:*
cpe:2.3:a:php:php:*:*:*:*:*:*:*:*
cpe:2.3:a:openpkg:openpkg:1.2:*:*:*:*:*:*:*
References (DEBIAN) http://www.debian.org/security/2002/dsa-168 - Patch, Vendor Advisory (DEBIAN) http://www.debian.org/security/2002/dsa-168 - Broken Link, Patch, Vendor Advisory
References (CALDERA) ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2003-008.0.txt - (CALDERA) ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2003-008.0.txt - Broken Link
References (REDHAT) http://www.redhat.com/support/errata/RHSA-2002-248.html - (REDHAT) http://www.redhat.com/support/errata/RHSA-2002-248.html - Broken Link
References (CONECTIVA) http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000545 - (CONECTIVA) http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000545 - Broken Link
References (REDHAT) http://www.redhat.com/support/errata/RHSA-2002-243.html - (REDHAT) http://www.redhat.com/support/errata/RHSA-2002-243.html - Broken Link
References (MANDRAKE) http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:082 - (MANDRAKE) http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:082 - Broken Link
References (REDHAT) http://www.redhat.com/support/errata/RHSA-2003-159.html - (REDHAT) http://www.redhat.com/support/errata/RHSA-2003-159.html - Broken Link
References (OSVDB) http://www.osvdb.org/2111 - (OSVDB) http://www.osvdb.org/2111 - Broken Link
References (REDHAT) http://www.redhat.com/support/errata/RHSA-2002-214.html - (REDHAT) http://www.redhat.com/support/errata/RHSA-2002-214.html - Broken Link
References (REDHAT) http://www.redhat.com/support/errata/RHSA-2002-244.html - (REDHAT) http://www.redhat.com/support/errata/RHSA-2002-244.html - Broken Link
References (SUSE) http://www.novell.com/linux/security/advisories/2002_036_modphp4.html - (SUSE) http://www.novell.com/linux/security/advisories/2002_036_modphp4.html - Broken Link
References (BUGTRAQ) http://marc.info/?l=bugtraq&m=103011916928204&w=2 - (BUGTRAQ) http://marc.info/?l=bugtraq&m=103011916928204&w=2 - Third Party Advisory
References (XF) https://exchange.xforce.ibmcloud.com/vulnerabilities/9966 - (XF) https://exchange.xforce.ibmcloud.com/vulnerabilities/9966 - Third Party Advisory, VDB Entry
References (REDHAT) http://www.redhat.com/support/errata/RHSA-2002-213.html - Patch, Vendor Advisory (REDHAT) http://www.redhat.com/support/errata/RHSA-2002-213.html - Broken Link, Patch, Vendor Advisory
References (BUGTRAQ) http://marc.info/?l=bugtraq&m=105760591228031&w=2 - (BUGTRAQ) http://marc.info/?l=bugtraq&m=105760591228031&w=2 - Third Party Advisory
CWE NVD-CWE-Other CWE-88
First Time Openpkg openpkg
Openpkg

Information

Published : 2002-09-24 04:00

Updated : 2024-11-20 23:40


NVD link : CVE-2002-0985

Mitre link : CVE-2002-0985

CVE.ORG link : CVE-2002-0985



Products Affected

php

  • php

openpkg

  • openpkg
CWE
CWE-88

Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')