CVE-2002-0985

Argument injection vulnerability in the mail function for PHP 4.x to 4.2.2 may allow attackers to bypass safe mode restrictions and modify command line arguments to the MTA (e.g. sendmail) in the 5th argument to mail(), altering MTA behavior and possibly executing commands.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://www.redhat.com/support/errata/RHSA-2002-213.html	Broken Link Patch Vendor Advisory
http://www.debian.org/security/2002/dsa-168	Broken Link Patch Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2002-214.html	Broken Link
http://www.redhat.com/support/errata/RHSA-2002-243.html	Broken Link
http://www.redhat.com/support/errata/RHSA-2002-244.html	Broken Link
http://www.redhat.com/support/errata/RHSA-2002-248.html	Broken Link
http://www.redhat.com/support/errata/RHSA-2003-159.html	Broken Link
http://www.novell.com/linux/security/advisories/2002_036_modphp4.html	Broken Link
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000545	Broken Link
ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2003-008.0.txt	Broken Link
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:082	Broken Link
http://www.osvdb.org/2111	Broken Link
http://marc.info/?l=bugtraq&m=103011916928204&w=2	Third Party Advisory
http://marc.info/?l=bugtraq&m=105760591228031&w=2	Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/9966	Third Party Advisory VDB Entry

Configurations

Configuration 1 (hide)

cpe:2.3:a:php:php:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR	cpe:2.3:a:openpkg:openpkg:1.1:::::::*
	cpe:2.3:a:openpkg:openpkg:1.2:::::::*

History

13 Feb 2024, 18:00

Type	Values Removed	Values Added
First Time		Openpkg Openpkg openpkg
CPE	cpe:2.3:a:php:php:3.0.18:::::::* cpe:2.3:a:php:php:4.0.3:::::::* cpe:2.3:a:php:php:4.1.1:::::::* cpe:2.3:a:php:php:4.2.0:::::::* cpe:2.3:a:php:php:4.1.2:::::::* cpe:2.3:a:php:php:4.2.2:::::::* cpe:2.3:a:php:php:4.0.6:::::::* cpe:2.3:a:php:php:4.2.1:::::::* cpe:2.3:a:php:php:4.0.3:patch1:::::: cpe:2.3:a:php:php:4.0.5:::::::* cpe:2.3:a:php:php:4.0.4:::::::* cpe:2.3:a:php:php:4.0.7:::::::* cpe:2.3:a:php:php:4.0.1:patch1:::::: cpe:2.3:a:php:php:4.1.0:::::::* cpe:2.3:a:php:php:4.0.2:::::::* cpe:2.3:a:php:php:4.0:::::::* cpe:2.3:a:php:php:4.0.1:::::::* cpe:2.3:a:php:php:4.0.1:patch2::::::	cpe:2.3:a:openpkg:openpkg:1.1:::::::* cpe:2.3:a:php:php:::::::: cpe:2.3:a:openpkg:openpkg:1.2:::::::*
CWE	~~NVD-CWE-Other~~	CWE-88
References	~~(SUSE) http://www.novell.com/linux/security/advisories/2002_036_modphp4.html -~~	(SUSE) http://www.novell.com/linux/security/advisories/2002_036_modphp4.html - Broken Link
References	~~(XF) https://exchange.xforce.ibmcloud.com/vulnerabilities/9966 -~~	(XF) https://exchange.xforce.ibmcloud.com/vulnerabilities/9966 - Third Party Advisory, VDB Entry
References	~~(REDHAT) http://www.redhat.com/support/errata/RHSA-2002-213.html - Patch, Vendor Advisory~~	(REDHAT) http://www.redhat.com/support/errata/RHSA-2002-213.html - Broken Link, Patch, Vendor Advisory
References	~~(REDHAT) http://www.redhat.com/support/errata/RHSA-2002-214.html -~~	(REDHAT) http://www.redhat.com/support/errata/RHSA-2002-214.html - Broken Link
References	~~(REDHAT) http://www.redhat.com/support/errata/RHSA-2002-244.html -~~	(REDHAT) http://www.redhat.com/support/errata/RHSA-2002-244.html - Broken Link
References	~~(REDHAT) http://www.redhat.com/support/errata/RHSA-2003-159.html -~~	(REDHAT) http://www.redhat.com/support/errata/RHSA-2003-159.html - Broken Link
References	~~(CALDERA) ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2003-008.0.txt -~~	(CALDERA) ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2003-008.0.txt - Broken Link
References	~~(BUGTRAQ) http://marc.info/?l=bugtraq&m=105760591228031&w=2 -~~	(BUGTRAQ) http://marc.info/?l=bugtraq&m=105760591228031&w=2 - Third Party Advisory
References	~~(MANDRAKE) http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:082 -~~	(MANDRAKE) http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:082 - Broken Link
References	~~(BUGTRAQ) http://marc.info/?l=bugtraq&m=103011916928204&w=2 -~~	(BUGTRAQ) http://marc.info/?l=bugtraq&m=103011916928204&w=2 - Third Party Advisory
References	~~(DEBIAN) http://www.debian.org/security/2002/dsa-168 - Patch, Vendor Advisory~~	(DEBIAN) http://www.debian.org/security/2002/dsa-168 - Broken Link, Patch, Vendor Advisory
References	~~(REDHAT) http://www.redhat.com/support/errata/RHSA-2002-248.html -~~	(REDHAT) http://www.redhat.com/support/errata/RHSA-2002-248.html - Broken Link
References	~~(REDHAT) http://www.redhat.com/support/errata/RHSA-2002-243.html -~~	(REDHAT) http://www.redhat.com/support/errata/RHSA-2002-243.html - Broken Link
References	~~(OSVDB) http://www.osvdb.org/2111 -~~	(OSVDB) http://www.osvdb.org/2111 - Broken Link
References	~~(CONECTIVA) http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000545 -~~	(CONECTIVA) http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000545 - Broken Link

Information

Published : 2002-09-24 04:00

Updated : 2024-02-13 18:00

NVD link : CVE-2002-0985

Mitre link : CVE-2002-0985

JSON object : View

Products Affected

php

php

openpkg

openpkg

CWE

CWE-88

Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.redhat.com/support/errata/RHSA-2002-213.html", "name": "RHSA-2002:213", "tags": ["Broken Link", "Patch", "Vendor Advisory"], "refsource": "REDHAT"}, {"url": "http://www.debian.org/security/2002/dsa-168", "name": "DSA-168", "tags": ["Broken Link", "Patch", "Vendor Advisory"], "refsource": "DEBIAN"}, {"url": "http://www.redhat.com/support/errata/RHSA-2002-214.html", "name": "RHSA-2002:214", "tags": ["Broken Link"], "refsource": "REDHAT"}, {"url": "http://www.redhat.com/support/errata/RHSA-2002-243.html", "name": "RHSA-2002:243", "tags": ["Broken Link"], "refsource": "REDHAT"}, {"url": "http://www.redhat.com/support/errata/RHSA-2002-244.html", "name": "RHSA-2002:244", "tags": ["Broken Link"], "refsource": "REDHAT"}, {"url": "http://www.redhat.com/support/errata/RHSA-2002-248.html", "name": "RHSA-2002:248", "tags": ["Broken Link"], "refsource": "REDHAT"}, {"url": "http://www.redhat.com/support/errata/RHSA-2003-159.html", "name": "RHSA-2003:159", "tags": ["Broken Link"], "refsource": "REDHAT"}, {"url": "http://www.novell.com/linux/security/advisories/2002_036_modphp4.html", "name": "SuSE-SA:2002:036", "tags": ["Broken Link"], "refsource": "SUSE"}, {"url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000545", "name": "CLA-2002:545", "tags": ["Broken Link"], "refsource": "CONECTIVA"}, {"url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2003-008.0.txt", "name": "CSSA-2003-008.0", "tags": ["Broken Link"], "refsource": "CALDERA"}, {"url": "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:082", "name": "MDKSA-2003:082", "tags": ["Broken Link"], "refsource": "MANDRAKE"}, {"url": "http://www.osvdb.org/2111", "name": "2111", "tags": ["Broken Link"], "refsource": "OSVDB"}, {"url": "http://marc.info/?l=bugtraq&m=103011916928204&w=2", "name": "20020823 PHP: Bypass safe_mode and inject ASCII control chars with mail()", "tags": ["Third Party Advisory"], "refsource": "BUGTRAQ"}, {"url": "http://marc.info/?l=bugtraq&m=105760591228031&w=2", "name": "20030707 [OpenPKG-SA-2003.032] OpenPKG Security Advisory (php)", "tags": ["Third Party Advisory"], "refsource": "BUGTRAQ"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/9966", "name": "php-mail-safemode-bypass(9966)", "tags": ["Third Party Advisory", "VDB Entry"], "refsource": "XF"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Argument injection vulnerability in the mail function for PHP 4.x to 4.2.2 may allow attackers to bypass safe mode restrictions and modify command line arguments to the MTA (e.g. sendmail) in the 5th argument to mail(), altering MTA behavior and possibly executing commands."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-88"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2002-0985", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "severity": "HIGH", "impactScore": 6.4, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}}, "publishedDate": "2002-09-24T04:00Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "4.2.2", "versionStartIncluding": "4.0"}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:openpkg:openpkg:1.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:openpkg:openpkg:1.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2024-02-13T18:00Z"}