CVE-2002-0985

Argument injection vulnerability in the mail function for PHP 4.x to 4.2.2 may allow attackers to bypass safe mode restrictions and modify command line arguments to the MTA (e.g. sendmail) in the 5th argument to mail(), altering MTA behavior and possibly executing commands.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://www.redhat.com/support/errata/RHSA-2002-213.html	Patch Vendor Advisory
http://www.debian.org/security/2002/dsa-168	Patch Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2002-214.html
http://www.redhat.com/support/errata/RHSA-2002-243.html
http://www.redhat.com/support/errata/RHSA-2002-244.html
http://www.redhat.com/support/errata/RHSA-2002-248.html
http://www.redhat.com/support/errata/RHSA-2003-159.html
http://www.novell.com/linux/security/advisories/2002_036_modphp4.html
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000545
ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2003-008.0.txt
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:082
http://www.osvdb.org/2111
http://marc.info/?l=bugtraq&m=103011916928204&w=2
http://marc.info/?l=bugtraq&m=105760591228031&w=2
https://exchange.xforce.ibmcloud.com/vulnerabilities/9966

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:php:php:4.0.1:::::::*
	cpe:2.3:a:php:php:4.0.1:patch1::::::
	cpe:2.3:a:php:php:3.0.18:::::::*
	cpe:2.3:a:php:php:4.0:::::::*
	cpe:2.3:a:php:php:4.0.5:::::::*
	cpe:2.3:a:php:php:4.0.6:::::::*
	cpe:2.3:a:php:php:4.2.2:::::::*
	cpe:2.3:a:php:php:4.0.3:patch1::::::
	cpe:2.3:a:php:php:4.0.4:::::::*
	cpe:2.3:a:php:php:4.2.0:::::::*
	cpe:2.3:a:php:php:4.2.1:::::::*
	cpe:2.3:a:php:php:4.1.0:::::::*
	cpe:2.3:a:php:php:4.0.7:::::::*
	cpe:2.3:a:php:php:4.0.2:::::::*
	cpe:2.3:a:php:php:4.1.1:::::::*
	cpe:2.3:a:php:php:4.0.1:patch2::::::
	cpe:2.3:a:php:php:4.1.2:::::::*
	cpe:2.3:a:php:php:4.0.3:::::::*

Information

Published : 2002-09-23 21:00

Updated : 2017-10-09 18:30

NVD link : CVE-2002-0985

Mitre link : CVE-2002-0985

JSON object : View

CWE

NVD-CWE-Other

Products Affected

php

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.redhat.com/support/errata/RHSA-2002-213.html", "name": "RHSA-2002:213", "tags": ["Patch", "Vendor Advisory"], "refsource": "REDHAT"}, {"url": "http://www.debian.org/security/2002/dsa-168", "name": "DSA-168", "tags": ["Patch", "Vendor Advisory"], "refsource": "DEBIAN"}, {"url": "http://www.redhat.com/support/errata/RHSA-2002-214.html", "name": "RHSA-2002:214", "tags": [], "refsource": "REDHAT"}, {"url": "http://www.redhat.com/support/errata/RHSA-2002-243.html", "name": "RHSA-2002:243", "tags": [], "refsource": "REDHAT"}, {"url": "http://www.redhat.com/support/errata/RHSA-2002-244.html", "name": "RHSA-2002:244", "tags": [], "refsource": "REDHAT"}, {"url": "http://www.redhat.com/support/errata/RHSA-2002-248.html", "name": "RHSA-2002:248", "tags": [], "refsource": "REDHAT"}, {"url": "http://www.redhat.com/support/errata/RHSA-2003-159.html", "name": "RHSA-2003:159", "tags": [], "refsource": "REDHAT"}, {"url": "http://www.novell.com/linux/security/advisories/2002_036_modphp4.html", "name": "SuSE-SA:2002:036", "tags": [], "refsource": "SUSE"}, {"url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000545", "name": "CLA-2002:545", "tags": [], "refsource": "CONECTIVA"}, {"url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2003-008.0.txt", "name": "CSSA-2003-008.0", "tags": [], "refsource": "CALDERA"}, {"url": "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:082", "name": "MDKSA-2003:082", "tags": [], "refsource": "MANDRAKE"}, {"url": "http://www.osvdb.org/2111", "name": "2111", "tags": [], "refsource": "OSVDB"}, {"url": "http://marc.info/?l=bugtraq&m=103011916928204&w=2", "name": "20020823 PHP: Bypass safe_mode and inject ASCII control chars with mail()", "tags": [], "refsource": "BUGTRAQ"}, {"url": "http://marc.info/?l=bugtraq&m=105760591228031&w=2", "name": "20030707 [OpenPKG-SA-2003.032] OpenPKG Security Advisory (php)", "tags": [], "refsource": "BUGTRAQ"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/9966", "name": "php-mail-safemode-bypass(9966)", "tags": [], "refsource": "XF"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Argument injection vulnerability in the mail function for PHP 4.x to 4.2.2 may allow attackers to bypass safe mode restrictions and modify command line arguments to the MTA (e.g. sendmail) in the 5th argument to mail(), altering MTA behavior and possibly executing commands."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2002-0985", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "severity": "HIGH", "impactScore": 6.4, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}}, "publishedDate": "2002-09-24T04:00Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:php:php:4.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:4.0.1:patch1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:3.0.18:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:4.0.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:4.0.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:4.2.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:4.0.3:patch1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:4.0.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:4.2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:4.2.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:4.1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:4.0.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:4.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:4.1.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:4.0.1:patch2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:4.1.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:4.0.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2017-10-10T01:30Z"}

7.5 /10