CVE-2002-0985 - OpenCVE

Argument injection vulnerability in the mail function for PHP 4.x to 4.2.2 may allow attackers to bypass safe mode restrictions and modify command line arguments to the MTA (e.g. sendmail) in the 5th argument to mail(), altering MTA behavior and possibly executing commands.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Php	Php
Openpkg	Openpkg

Configuration 1 [-]

cpe:2.3:a:php:php:*:*:*:*:*:*:*:*

Configuration 2 [-]

OR	cpe:2.3:a:openpkg:openpkg:1.1:::::::*
	cpe:2.3:a:openpkg:openpkg:1.2:::::::*

References

Link	Resource
ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2003-008.0.txt	Broken Link
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000545	Broken Link
http://marc.info/?l=bugtraq&m=103011916928204&w=2	Third Party Advisory
http://marc.info/?l=bugtraq&m=105760591228031&w=2	Third Party Advisory
http://www.debian.org/security/2002/dsa-168	Broken Link Patch Vendor Advisory
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:082	Broken Link
http://www.novell.com/linux/security/advisories/2002_036_modphp4.html	Broken Link
http://www.osvdb.org/2111	Broken Link
http://www.redhat.com/support/errata/RHSA-2002-213.html	Broken Link Patch Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2002-214.html	Broken Link
http://www.redhat.com/support/errata/RHSA-2002-243.html	Broken Link
http://www.redhat.com/support/errata/RHSA-2002-244.html	Broken Link
http://www.redhat.com/support/errata/RHSA-2002-248.html	Broken Link
http://www.redhat.com/support/errata/RHSA-2003-159.html	Broken Link
https://exchange.xforce.ibmcloud.com/vulnerabilities/9966	Third Party Advisory VDB Entry

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2004-09-01T04:00:00

Updated: 2007-11-13T00:00:00

Reserved: 2002-08-23T00:00:00

Link: CVE-2002-0985

JSON object: View

NVD Information

Status : Analyzed

Published: 2002-09-24T04:00:00.000

Modified: 2024-02-13T18:00:37.773

Link: CVE-2002-0985

JSON object: View

Redhat Information

No data.

CWE

CWE-88

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2002-08-23T00:00:00", "descriptions": [{"lang": "en", "value": "Argument injection vulnerability in the mail function for PHP 4.x to 4.2.2 may allow attackers to bypass safe mode restrictions and modify command line arguments to the MTA (e.g. sendmail) in the 5th argument to mail(), altering MTA behavior and possibly executing commands."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2007-11-13T00:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "20030707 [OpenPKG-SA-2003.032] OpenPKG Security Advisory (php)", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://marc.info/?l=bugtraq&m=105760591228031&w=2"}, {"name": "DSA-168", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2002/dsa-168"}, {"name": "php-mail-safemode-bypass(9966)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/9966"}, {"name": "20020823 PHP: Bypass safe_mode and inject ASCII control chars with mail()", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://marc.info/?l=bugtraq&m=103011916928204&w=2"}, {"name": "RHSA-2002:243", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://www.redhat.com/support/errata/RHSA-2002-243.html"}, {"name": "RHSA-2003:159", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://www.redhat.com/support/errata/RHSA-2003-159.html"}, {"name": "MDKSA-2003:082", "tags": ["vendor-advisory", "x_refsource_MANDRAKE"], "url": "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:082"}, {"name": "CSSA-2003-008.0", "tags": ["vendor-advisory", "x_refsource_CALDERA"], "url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2003-008.0.txt"}, {"name": "SuSE-SA:2002:036", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://www.novell.com/linux/security/advisories/2002_036_modphp4.html"}, {"name": "CLA-2002:545", "tags": ["vendor-advisory", "x_refsource_CONECTIVA"], "url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000545"}, {"name": "RHSA-2002:213", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://www.redhat.com/support/errata/RHSA-2002-213.html"}, {"name": "RHSA-2002:248", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://www.redhat.com/support/errata/RHSA-2002-248.html"}, {"name": "RHSA-2002:244", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://www.redhat.com/support/errata/RHSA-2002-244.html"}, {"name": "2111", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/2111"}, {"name": "RHSA-2002:214", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://www.redhat.com/support/errata/RHSA-2002-214.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2002-0985", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Argument injection vulnerability in the mail function for PHP 4.x to 4.2.2 may allow attackers to bypass safe mode restrictions and modify command line arguments to the MTA (e.g. sendmail) in the 5th argument to mail(), altering MTA behavior and possibly executing commands."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "20030707 [OpenPKG-SA-2003.032] OpenPKG Security Advisory (php)", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq&m=105760591228031&w=2"}, {"name": "DSA-168", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2002/dsa-168"}, {"name": "php-mail-safemode-bypass(9966)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/9966"}, {"name": "20020823 PHP: Bypass safe_mode and inject ASCII control chars with mail()", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq&m=103011916928204&w=2"}, {"name": "RHSA-2002:243", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2002-243.html"}, {"name": "RHSA-2003:159", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2003-159.html"}, {"name": "MDKSA-2003:082", "refsource": "MANDRAKE", "url": "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:082"}, {"name": "CSSA-2003-008.0", "refsource": "CALDERA", "url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2003-008.0.txt"}, {"name": "SuSE-SA:2002:036", "refsource": "SUSE", "url": "http://www.novell.com/linux/security/advisories/2002_036_modphp4.html"}, {"name": "CLA-2002:545", "refsource": "CONECTIVA", "url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000545"}, {"name": "RHSA-2002:213", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2002-213.html"}, {"name": "RHSA-2002:248", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2002-248.html"}, {"name": "RHSA-2002:244", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2002-244.html"}, {"name": "2111", "refsource": "OSVDB", "url": "http://www.osvdb.org/2111"}, {"name": "RHSA-2002:214", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2002-214.html"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2002-0985", "datePublished": "2004-09-01T04:00:00", "dateReserved": "2002-08-23T00:00:00", "dateUpdated": "2007-11-13T00:00:00", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*", "matchCriteriaId": "E7CF9839-3A11-4934-B956-B590261FDAFC", "versionEndIncluding": "4.2.2", "versionStartIncluding": "4.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:openpkg:openpkg:1.1:*:*:*:*:*:*:*", "matchCriteriaId": "85CCF640-211C-4EC0-9F41-68F5B39CA3F7", "vulnerable": true}, {"criteria": "cpe:2.3:a:openpkg:openpkg:1.2:*:*:*:*:*:*:*", "matchCriteriaId": "B6ADD463-E918-4F4D-9FA7-D109EBC98BD8", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Argument injection vulnerability in the mail function for PHP 4.x to 4.2.2 may allow attackers to bypass safe mode restrictions and modify command line arguments to the MTA (e.g. sendmail) in the 5th argument to mail(), altering MTA behavior and possibly executing commands."}], "id": "CVE-2002-0985", "lastModified": "2024-02-13T18:00:37.773", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2002-09-24T04:00:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2003-008.0.txt"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000545"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://marc.info/?l=bugtraq&m=103011916928204&w=2"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://marc.info/?l=bugtraq&m=105760591228031&w=2"}, {"source": "cve@mitre.org", "tags": ["Broken Link", "Patch", "Vendor Advisory"], "url": "http://www.debian.org/security/2002/dsa-168"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:082"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://www.novell.com/linux/security/advisories/2002_036_modphp4.html"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://www.osvdb.org/2111"}, {"source": "cve@mitre.org", "tags": ["Broken Link", "Patch", "Vendor Advisory"], "url": "http://www.redhat.com/support/errata/RHSA-2002-213.html"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://www.redhat.com/support/errata/RHSA-2002-214.html"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://www.redhat.com/support/errata/RHSA-2002-243.html"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://www.redhat.com/support/errata/RHSA-2002-244.html"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://www.redhat.com/support/errata/RHSA-2002-248.html"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://www.redhat.com/support/errata/RHSA-2003-159.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/9966"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-88"}], "source": "nvd@nist.gov", "type": "Primary"}]}