CVE-2002-0985

Argument injection vulnerability in the mail function for PHP 4.x to 4.2.2 may allow attackers to bypass safe mode restrictions and modify command line arguments to the MTA (e.g. sendmail) in the 5th argument to mail(), altering MTA behavior and possibly executing commands.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2003-008.0.txt	Broken Link
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000545	Broken Link
http://marc.info/?l=bugtraq&m=103011916928204&w=2	Third Party Advisory
http://marc.info/?l=bugtraq&m=105760591228031&w=2	Third Party Advisory
http://www.debian.org/security/2002/dsa-168	Broken Link Patch Vendor Advisory
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:082	Broken Link
http://www.novell.com/linux/security/advisories/2002_036_modphp4.html	Broken Link
http://www.osvdb.org/2111	Broken Link
http://www.redhat.com/support/errata/RHSA-2002-213.html	Broken Link Patch Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2002-214.html	Broken Link
http://www.redhat.com/support/errata/RHSA-2002-243.html	Broken Link
http://www.redhat.com/support/errata/RHSA-2002-244.html	Broken Link
http://www.redhat.com/support/errata/RHSA-2002-248.html	Broken Link
http://www.redhat.com/support/errata/RHSA-2003-159.html	Broken Link
https://exchange.xforce.ibmcloud.com/vulnerabilities/9966	Third Party Advisory VDB Entry

Configurations

Configuration 1 (hide)

cpe:2.3:a:php:php:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR	cpe:2.3:a:openpkg:openpkg:1.1:::::::*
	cpe:2.3:a:openpkg:openpkg:1.2:::::::*

History

13 Feb 2024, 18:00

Type	Values Removed	Values Added
References	~~() ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2003-008.0.txt -~~	() ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2003-008.0.txt - Broken Link
References	~~() http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000545 -~~	() http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000545 - Broken Link
References	~~() http://marc.info/?l=bugtraq&m=103011916928204&w=2 -~~	() http://marc.info/?l=bugtraq&m=103011916928204&w=2 - Third Party Advisory
References	~~() http://marc.info/?l=bugtraq&m=105760591228031&w=2 -~~	() http://marc.info/?l=bugtraq&m=105760591228031&w=2 - Third Party Advisory
References	~~() http://www.debian.org/security/2002/dsa-168 - Patch, Vendor Advisory~~	() http://www.debian.org/security/2002/dsa-168 - Broken Link, Patch, Vendor Advisory
References	~~() http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:082 -~~	() http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:082 - Broken Link
References	~~() http://www.novell.com/linux/security/advisories/2002_036_modphp4.html -~~	() http://www.novell.com/linux/security/advisories/2002_036_modphp4.html - Broken Link
References	~~() http://www.osvdb.org/2111 -~~	() http://www.osvdb.org/2111 - Broken Link
References	~~() http://www.redhat.com/support/errata/RHSA-2002-213.html - Patch, Vendor Advisory~~	() http://www.redhat.com/support/errata/RHSA-2002-213.html - Broken Link, Patch, Vendor Advisory
References	~~() http://www.redhat.com/support/errata/RHSA-2002-214.html -~~	() http://www.redhat.com/support/errata/RHSA-2002-214.html - Broken Link
References	~~() http://www.redhat.com/support/errata/RHSA-2002-243.html -~~	() http://www.redhat.com/support/errata/RHSA-2002-243.html - Broken Link
References	~~() http://www.redhat.com/support/errata/RHSA-2002-244.html -~~	() http://www.redhat.com/support/errata/RHSA-2002-244.html - Broken Link
References	~~() http://www.redhat.com/support/errata/RHSA-2002-248.html -~~	() http://www.redhat.com/support/errata/RHSA-2002-248.html - Broken Link
References	~~() http://www.redhat.com/support/errata/RHSA-2003-159.html -~~	() http://www.redhat.com/support/errata/RHSA-2003-159.html - Broken Link
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/9966 -~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/9966 - Third Party Advisory, VDB Entry
CPE	cpe:2.3:a:php:php:4.0.4:::::::* cpe:2.3:a:php:php:4.0.1:::::::* cpe:2.3:a:php:php:4.0.5:::::::* cpe:2.3:a:php:php:4.0.1:patch1:::::: cpe:2.3:a:php:php:4.1.1:::::::* cpe:2.3:a:php:php:4.0.2:::::::* cpe:2.3:a:php:php:4.1.0:::::::* cpe:2.3:a:php:php:4.0.3:::::::* cpe:2.3:a:php:php:4.2.0:::::::* cpe:2.3:a:php:php:4.0.3:patch1:::::: cpe:2.3:a:php:php:4.0.6:::::::* cpe:2.3:a:php:php:4.2.1:::::::* cpe:2.3:a:php:php:3.0.18:::::::* cpe:2.3:a:php:php:4.0.1:patch2:::::: cpe:2.3:a:php:php:4.2.2:::::::* cpe:2.3:a:php:php:4.0:::::::* cpe:2.3:a:php:php:4.0.7:::::::* cpe:2.3:a:php:php:4.1.2:::::::*	cpe:2.3:a:openpkg:openpkg:1.2:::::::* cpe:2.3:a:openpkg:openpkg:1.1:::::::* cpe:2.3:a:php:php::::::::
CWE	~~NVD-CWE-Other~~	CWE-88
First Time		Openpkg Openpkg openpkg

Information

Published : 2002-09-24 04:00

Updated : 2024-02-13 18:00

NVD link : CVE-2002-0985

Mitre link : CVE-2002-0985

CVE.ORG link : CVE-2002-0985

JSON object : View

Products Affected

openpkg

openpkg

php

php

CWE

CWE-88

Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')

{"id": "CVE-2002-0985", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}]}, "published": "2002-09-24T04:00:00.000", "references": [{"url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2003-008.0.txt", "tags": ["Broken Link"], "source": "cve@mitre.org"}, {"url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000545", "tags": ["Broken Link"], "source": "cve@mitre.org"}, {"url": "http://marc.info/?l=bugtraq&m=103011916928204&w=2", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://marc.info/?l=bugtraq&m=105760591228031&w=2", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.debian.org/security/2002/dsa-168", "tags": ["Broken Link", "Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:082", "tags": ["Broken Link"], "source": "cve@mitre.org"}, {"url": "http://www.novell.com/linux/security/advisories/2002_036_modphp4.html", "tags": ["Broken Link"], "source": "cve@mitre.org"}, {"url": "http://www.osvdb.org/2111", "tags": ["Broken Link"], "source": "cve@mitre.org"}, {"url": "http://www.redhat.com/support/errata/RHSA-2002-213.html", "tags": ["Broken Link", "Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.redhat.com/support/errata/RHSA-2002-214.html", "tags": ["Broken Link"], "source": "cve@mitre.org"}, {"url": "http://www.redhat.com/support/errata/RHSA-2002-243.html", "tags": ["Broken Link"], "source": "cve@mitre.org"}, {"url": "http://www.redhat.com/support/errata/RHSA-2002-244.html", "tags": ["Broken Link"], "source": "cve@mitre.org"}, {"url": "http://www.redhat.com/support/errata/RHSA-2002-248.html", "tags": ["Broken Link"], "source": "cve@mitre.org"}, {"url": "http://www.redhat.com/support/errata/RHSA-2003-159.html", "tags": ["Broken Link"], "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/9966", "tags": ["Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-88"}]}], "descriptions": [{"lang": "en", "value": "Argument injection vulnerability in the mail function for PHP 4.x to 4.2.2 may allow attackers to bypass safe mode restrictions and modify command line arguments to the MTA (e.g. sendmail) in the 5th argument to mail(), altering MTA behavior and possibly executing commands."}], "lastModified": "2024-02-13T18:00:37.773", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E7CF9839-3A11-4934-B956-B590261FDAFC", "versionEndIncluding": "4.2.2", "versionStartIncluding": "4.0"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:openpkg:openpkg:1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "85CCF640-211C-4EC0-9F41-68F5B39CA3F7"}, {"criteria": "cpe:2.3:a:openpkg:openpkg:1.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B6ADD463-E918-4F4D-9FA7-D109EBC98BD8"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}