
CVE-2009-4023

Date: (C)2009-11-29   (M)2023-12-22


Argument injection vulnerability in the sendmail implementation of the Mail::Send method (Mail/sendmail.php) in the Mail package 1.1.14 for PEAR allows remote attackers to read and write arbitrary files via a crafted $from parameter, a different vector than CVE-2009-4111.

CVSS Score and Metrics

CVSS V2 Severity:
CVSS Score : 7.5
Exploit Score: 10.0
Impact Score: 6.4
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
  
Reference:
BID-37081
SECUNIA-37410
SECUNIA-37458
ADV-2009-3300
DSA-1938
SUSE-SR:2010:020
http://www.openwall.com/lists/oss-security/2009/11/23/8
http://pear.php.net/bugs/bug.php?id=16200
http://pear.php.net/bugs/bug.php?id=16200&edit=12&patch=quick-fix&revision=1241757412
http://svn.php.net/viewvc/pear/packages/Mail/trunk/Mail/sendmail.php?r1=243717&r2=280134
https://bugs.gentoo.org/show_bug.cgi?id=294256
pear-from-security-bypass(54362)

CWE    1
CWE-94
OVAL    5
oval:org.secpod.oval:def:300222
oval:org.mitre.oval:def:8213
oval:org.secpod.oval:def:101789
oval:org.secpod.oval:def:102466
...

© SecPod Technologies