cvelistv5 - cve-2001-1246

CVE-2001-1246 (GCVE-0-2001-1246)

Vulnerability from cvelistv5 – Published: 2002-06-25 04:00 – Updated: 2024-08-08 04:51

Summary

PHP 4.0.5 through 4.1.0 in safe mode does not properly cleanse the 5th parameter to the mail() function, which allows local users and possibly remote attackers to execute arbitrary commands via shell metacharacters.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

RHSA-2002_129

Vulnerability from csaf_redhat - Published: 2002-06-26 00:00 - Updated: 2024-11-21 22:23

Summary

Red Hat Security Advisory: php security update

Notes

Topic

PHP versions earlier than 4.1.0 contain a vulnerability that could allow arbitrary commands to be executed. [updated 22 Aug 2002] The initial set of errata packages contained an incorrect set of dependencies. This meant that a number of packages would need to be installed before php that were not essential to the operation of php. Updated errata packages are included with this advisory that have corrected dependencies.

Details

PHP is an HTML-embedded scripting language commonly used with Apache. PHP versions 4.0.5 through 4.1.0 in safe mode do not properly cleanse the 5th parameter to the mail() function. This vulnerability allows local users and possibly remote attackers to execute arbitrary commands via shell metacharacters. Red Hat Linux Advanced Server version 2.1 shipped with PHP 4.0.6. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2001-1246 to this issue. All users of PHP should upgrade to these errata packages containing PHP 4.1.2, which is not vulnerable to this issue. Note: This PHP errata enforces memory limits on the size of the PHP process to prevent a badly generated script from becoming a possible source for a denial of service attack. The default process size is 8Mb though you can adjust this as you deem necessary thought the php.ini directive memory_limit. For example, to change the process memory limit to 4MB, add the following: memory_limit 4194304 Important Installation Note: There are special instructions you should follow regarding your /etc/php.ini configuration file in the "Solution" section below.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "PHP versions earlier than 4.1.0 contain a vulnerability that could allow\narbitrary commands to be executed.\n\n[updated 22 Aug 2002]\nThe initial set of errata packages contained an incorrect set of\ndependencies. This meant that a number of packages would need to be\ninstalled before php that were not essential to the operation of php. \nUpdated errata packages are included with this advisory that have corrected\ndependencies.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "PHP is an HTML-embedded scripting language commonly used with Apache. PHP\nversions 4.0.5 through 4.1.0 in safe mode do not properly cleanse the 5th\nparameter to the mail() function. This vulnerability allows local users and\npossibly remote attackers to execute arbitrary commands via shell\nmetacharacters.\n\nRed Hat Linux Advanced Server version 2.1 shipped with PHP 4.0.6.\n\nThe Common Vulnerabilities and Exposures project (cve.mitre.org) has\nassigned the name CAN-2001-1246 to this issue.\n \nAll users of PHP should upgrade to these errata packages containing PHP\n4.1.2, which is not vulnerable to this issue.\n\nNote:\n\nThis PHP errata enforces memory limits on the size of the PHP process to\nprevent a badly generated script from becoming a possible source for a\ndenial of service attack. The default process size is 8Mb though you can\nadjust this as you deem necessary thought the php.ini directive\nmemory_limit. For example, to change the process memory limit to 4MB, add\nthe following:\n\nmemory_limit 4194304\n\nImportant Installation Note:\n\nThere are special instructions you should follow regarding your\n/etc/php.ini configuration file in the \"Solution\" section below.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2002:129",
        "url": "https://access.redhat.com/errata/RHSA-2002:129"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2002/rhsa-2002_129.json"
      }
    ],
    "title": "Red Hat Security Advisory: php security update",
    "tracking": {
      "current_release_date": "2024-11-21T22:23:14+00:00",
      "generator": {
        "date": "2024-11-21T22:23:14+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.2.1"
        }
      },
      "id": "RHSA-2002:129",
      "initial_release_date": "2002-06-26T00:00:00+00:00",
      "revision_history": [
        {
          "date": "2002-06-26T00:00:00+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2002-06-26T00:00:00+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-11-21T22:23:14+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
                "product": {
                  "name": "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
                  "product_id": "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:2.1::as"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Advanced Server"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2001-1246",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1616654"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "PHP 4.0.5 through 4.1.0 in safe mode does not properly cleanse the 5th parameter to the mail() function, which allows local users and possibly remote attackers to execute arbitrary commands via shell metacharacters.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "security flaw",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 "
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2001-1246"
        },
        {
          "category": "external",
          "summary": "RHBZ#1616654",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1616654"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2001-1246",
          "url": "https://www.cve.org/CVERecord?id=CVE-2001-1246"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2001-1246",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2001-1246"
        }
      ],
      "release_date": "2001-06-30T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2002-06-26T00:00:00+00:00",
          "details": "Please Note:\n\nThe /etc/php.ini configuration file is not replaced or\noverwritten. You should carefully review your configuration file and adapt\nit to your server or service functions.\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nPlease note that this update is available via Red Hat Network.  To use Red\nHat Network, launch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.",
          "product_ids": [
            "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 "
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2002:129"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "security flaw"
    }
  ]
}

RHSA-2003:159

Vulnerability from csaf_redhat - Published: 2003-06-30 14:37 - Updated: 2025-11-21 17:26

Summary

Red Hat Security Advisory: : : : New PHP packages fix vulnerabilities

Notes

Topic

Updated PHP packages are available for Red Hat Linux on IBM iSeries and pSeries systems.

Details

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP server. The mail function in PHP 4.x to 4.2.2 may allow local script authors to bypass safe mode restrictions and modify command line arguments to an MTA (such as Sendmail). Specifically, the fifth argument to mail() may be modified, altering MTA behavior and possibly allowing the execution of arbitrary local commands. The mail function in PHP 4.x to 4.2.2 does not filter ASCII control characters from its arguments, which could allow remote attackers to modify mail message content, including mail headers, and possibly use PHP as a "spam proxy." Script authors should note that all input should be checked for unsafe data by any PHP scripts calling functions such as mail(). PHP versions 4.0.5 through 4.1.0 in safe mode do not properly cleanse the 5th parameter to the mail() function. This vulnerability allows local users and possibly remote attackers to execute arbitrary commands via shell metacharacters. Note that this PHP errata enforces memory limits on the size of the PHP process to prevent a badly generated script from becoming a possible source for a denial of service attack. The default process size is 8MB, though you can adjust this as necessary through the php.ini directive memory_limit. For example, to change the process memory limit to 4MB, add the following: memory_limit 4194304 Important Note: Your original /etc/php.ini configuration file is not replaced or overwritten. Therefore, you should carefully review your configuration file and adapt it as necessary to your server or service functions.

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Updated PHP packages are available for Red Hat Linux on IBM iSeries and\npSeries systems.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "PHP is an HTML-embedded scripting language commonly used with the Apache\nHTTP server. \n\nThe mail function in PHP 4.x to 4.2.2 may allow local script authors to\nbypass safe mode restrictions and modify command line arguments to an\nMTA (such as Sendmail).  Specifically, the fifth argument to mail() may be\nmodified, altering MTA behavior and possibly allowing the execution of\narbitrary local commands.\n\nThe mail function in PHP 4.x to 4.2.2 does not filter ASCII control\ncharacters from its arguments, which could allow remote attackers to\nmodify mail message content, including mail headers, and possibly use\nPHP as a \"spam proxy.\"\n\nScript authors should note that all input should be checked for unsafe data\nby any PHP scripts calling functions such as mail().\n\nPHP versions 4.0.5 through 4.1.0 in safe mode do not properly cleanse\nthe 5th parameter to the mail() function. This vulnerability allows local\nusers and possibly remote attackers to execute arbitrary commands via shell\nmetacharacters.\n\nNote that this PHP errata enforces memory limits on the size of the PHP\nprocess to prevent a badly generated script from becoming a possible source\nfor a denial of service attack. The default process size is 8MB, though you\ncan adjust this as necessary through the php.ini directive memory_limit.\nFor example, to change the process memory limit to 4MB, add\nthe following:\n\nmemory_limit 4194304\n\nImportant Note:\n\nYour original /etc/php.ini configuration file is not replaced or\noverwritten. Therefore, you should carefully review your configuration file\nand adapt it as necessary to your server or service functions.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2003:159",
        "url": "https://access.redhat.com/errata/RHSA-2003:159"
      },
      {
        "category": "external",
        "summary": "http://marc.theaimsgroup.com/?l=bugtraq\u0026m=103011916928204",
        "url": "http://marc.theaimsgroup.com/?l=bugtraq\u0026m=103011916928204"
      },
      {
        "category": "external",
        "summary": "http://online.securityfocus.com/archive/1/194425",
        "url": "http://online.securityfocus.com/archive/1/194425"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2003/rhsa-2003_159.json"
      }
    ],
    "title": "Red Hat Security Advisory: : : : New PHP packages fix vulnerabilities",
    "tracking": {
      "current_release_date": "2025-11-21T17:26:03+00:00",
      "generator": {
        "date": "2025-11-21T17:26:03+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.6.12"
        }
      },
      "id": "RHSA-2003:159",
      "initial_release_date": "2003-06-30T14:37:00+00:00",
      "revision_history": [
        {
          "date": "2003-06-30T14:37:00+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2003-06-30T00:00:00+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2025-11-21T17:26:03+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Linux 7.1",
                "product": {
                  "name": "Red Hat Linux 7.1",
                  "product_id": "Red Hat Linux 7.1",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:linux:7.1"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Linux"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2001-1246",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1616654"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "PHP 4.0.5 through 4.1.0 in safe mode does not properly cleanse the 5th parameter to the mail() function, which allows local users and possibly remote attackers to execute arbitrary commands via shell metacharacters.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "security flaw",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Linux 7.1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2001-1246"
        },
        {
          "category": "external",
          "summary": "RHBZ#1616654",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1616654"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2001-1246",
          "url": "https://www.cve.org/CVERecord?id=CVE-2001-1246"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2001-1246",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2001-1246"
        }
      ],
      "release_date": "2001-06-30T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2003-06-30T14:37:00+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nTo update all RPMs for your particular architecture, run:\n\nrpm -Fvh [filenames]\n\nwhere [filenames] is a list of the RPMs you wish to upgrade.  Only those\nRPMs which are currently installed will be updated.  Those RPMs which are\nnot installed but included in the list will not be updated.  Note that you\ncan also use wildcards (*.rpm) if your current directory *only* contains\nthe\ndesired RPMs.\n\nPlease note that this update is also available via Red Hat Network.  Many\npeople find this an easier way to apply updates.  To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.",
          "product_ids": [
            "Red Hat Linux 7.1"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2003:159"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "security flaw"
    },
    {
      "cve": "CVE-2002-0985",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1616833"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Argument injection vulnerability in the mail function for PHP 4.x to 4.2.2 may allow attackers to bypass safe mode restrictions and modify command line arguments to the MTA (e.g. sendmail) in the 5th argument to mail(), altering MTA behavior and possibly executing commands.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "security flaw",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Linux 7.1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2002-0985"
        },
        {
          "category": "external",
          "summary": "RHBZ#1616833",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1616833"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2002-0985",
          "url": "https://www.cve.org/CVERecord?id=CVE-2002-0985"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2002-0985",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2002-0985"
        }
      ],
      "release_date": "2002-08-23T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2003-06-30T14:37:00+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nTo update all RPMs for your particular architecture, run:\n\nrpm -Fvh [filenames]\n\nwhere [filenames] is a list of the RPMs you wish to upgrade.  Only those\nRPMs which are currently installed will be updated.  Those RPMs which are\nnot installed but included in the list will not be updated.  Note that you\ncan also use wildcards (*.rpm) if your current directory *only* contains\nthe\ndesired RPMs.\n\nPlease note that this update is also available via Red Hat Network.  Many\npeople find this an easier way to apply updates.  To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.",
          "product_ids": [
            "Red Hat Linux 7.1"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2003:159"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "security flaw"
    },
    {
      "cve": "CVE-2002-0986",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1616834"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "The mail function in PHP 4.x to 4.2.2 does not filter ASCII control characters from its arguments, which could allow remote attackers to modify mail message content, including mail headers, and possibly use PHP as a \"spam proxy.\"",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "security flaw",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Linux 7.1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2002-0986"
        },
        {
          "category": "external",
          "summary": "RHBZ#1616834",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1616834"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2002-0986",
          "url": "https://www.cve.org/CVERecord?id=CVE-2002-0986"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2002-0986",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2002-0986"
        }
      ],
      "release_date": "2002-08-23T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2003-06-30T14:37:00+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nTo update all RPMs for your particular architecture, run:\n\nrpm -Fvh [filenames]\n\nwhere [filenames] is a list of the RPMs you wish to upgrade.  Only those\nRPMs which are currently installed will be updated.  Those RPMs which are\nnot installed but included in the list will not be updated.  Note that you\ncan also use wildcards (*.rpm) if your current directory *only* contains\nthe\ndesired RPMs.\n\nPlease note that this update is also available via Red Hat Network.  Many\npeople find this an easier way to apply updates.  To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.",
          "product_ids": [
            "Red Hat Linux 7.1"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2003:159"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "security flaw"
    }
  ]
}

RHSA-2003_159

Vulnerability from csaf_redhat - Published: 2003-06-30 14:37 - Updated: 2024-11-21 22:31

Summary

Red Hat Security Advisory: : : : New PHP packages fix vulnerabilities

Notes

Topic

Updated PHP packages are available for Red Hat Linux on IBM iSeries and pSeries systems.

Details

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Updated PHP packages are available for Red Hat Linux on IBM iSeries and\npSeries systems.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "PHP is an HTML-embedded scripting language commonly used with the Apache\nHTTP server. \n\nThe mail function in PHP 4.x to 4.2.2 may allow local script authors to\nbypass safe mode restrictions and modify command line arguments to an\nMTA (such as Sendmail).  Specifically, the fifth argument to mail() may be\nmodified, altering MTA behavior and possibly allowing the execution of\narbitrary local commands.\n\nThe mail function in PHP 4.x to 4.2.2 does not filter ASCII control\ncharacters from its arguments, which could allow remote attackers to\nmodify mail message content, including mail headers, and possibly use\nPHP as a \"spam proxy.\"\n\nScript authors should note that all input should be checked for unsafe data\nby any PHP scripts calling functions such as mail().\n\nPHP versions 4.0.5 through 4.1.0 in safe mode do not properly cleanse\nthe 5th parameter to the mail() function. This vulnerability allows local\nusers and possibly remote attackers to execute arbitrary commands via shell\nmetacharacters.\n\nNote that this PHP errata enforces memory limits on the size of the PHP\nprocess to prevent a badly generated script from becoming a possible source\nfor a denial of service attack. The default process size is 8MB, though you\ncan adjust this as necessary through the php.ini directive memory_limit.\nFor example, to change the process memory limit to 4MB, add\nthe following:\n\nmemory_limit 4194304\n\nImportant Note:\n\nYour original /etc/php.ini configuration file is not replaced or\noverwritten. Therefore, you should carefully review your configuration file\nand adapt it as necessary to your server or service functions.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2003:159",
        "url": "https://access.redhat.com/errata/RHSA-2003:159"
      },
      {
        "category": "external",
        "summary": "http://marc.theaimsgroup.com/?l=bugtraq\u0026m=103011916928204",
        "url": "http://marc.theaimsgroup.com/?l=bugtraq\u0026m=103011916928204"
      },
      {
        "category": "external",
        "summary": "http://online.securityfocus.com/archive/1/194425",
        "url": "http://online.securityfocus.com/archive/1/194425"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2003/rhsa-2003_159.json"
      }
    ],
    "title": "Red Hat Security Advisory: : : : New PHP packages fix vulnerabilities",
    "tracking": {
      "current_release_date": "2024-11-21T22:31:38+00:00",
      "generator": {
        "date": "2024-11-21T22:31:38+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.2.1"
        }
      },
      "id": "RHSA-2003:159",
      "initial_release_date": "2003-06-30T14:37:00+00:00",
      "revision_history": [
        {
          "date": "2003-06-30T14:37:00+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2003-06-30T00:00:00+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-11-21T22:31:38+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Linux 7.1",
                "product": {
                  "name": "Red Hat Linux 7.1",
                  "product_id": "Red Hat Linux 7.1",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:linux:7.1"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Linux"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2001-1246",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1616654"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "PHP 4.0.5 through 4.1.0 in safe mode does not properly cleanse the 5th parameter to the mail() function, which allows local users and possibly remote attackers to execute arbitrary commands via shell metacharacters.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "security flaw",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Linux 7.1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2001-1246"
        },
        {
          "category": "external",
          "summary": "RHBZ#1616654",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1616654"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2001-1246",
          "url": "https://www.cve.org/CVERecord?id=CVE-2001-1246"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2001-1246",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2001-1246"
        }
      ],
      "release_date": "2001-06-30T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2003-06-30T14:37:00+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nTo update all RPMs for your particular architecture, run:\n\nrpm -Fvh [filenames]\n\nwhere [filenames] is a list of the RPMs you wish to upgrade.  Only those\nRPMs which are currently installed will be updated.  Those RPMs which are\nnot installed but included in the list will not be updated.  Note that you\ncan also use wildcards (*.rpm) if your current directory *only* contains\nthe\ndesired RPMs.\n\nPlease note that this update is also available via Red Hat Network.  Many\npeople find this an easier way to apply updates.  To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.",
          "product_ids": [
            "Red Hat Linux 7.1"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2003:159"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "security flaw"
    },
    {
      "cve": "CVE-2002-0985",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1616833"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Argument injection vulnerability in the mail function for PHP 4.x to 4.2.2 may allow attackers to bypass safe mode restrictions and modify command line arguments to the MTA (e.g. sendmail) in the 5th argument to mail(), altering MTA behavior and possibly executing commands.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "security flaw",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Linux 7.1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2002-0985"
        },
        {
          "category": "external",
          "summary": "RHBZ#1616833",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1616833"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2002-0985",
          "url": "https://www.cve.org/CVERecord?id=CVE-2002-0985"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2002-0985",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2002-0985"
        }
      ],
      "release_date": "2002-08-23T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2003-06-30T14:37:00+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nTo update all RPMs for your particular architecture, run:\n\nrpm -Fvh [filenames]\n\nwhere [filenames] is a list of the RPMs you wish to upgrade.  Only those\nRPMs which are currently installed will be updated.  Those RPMs which are\nnot installed but included in the list will not be updated.  Note that you\ncan also use wildcards (*.rpm) if your current directory *only* contains\nthe\ndesired RPMs.\n\nPlease note that this update is also available via Red Hat Network.  Many\npeople find this an easier way to apply updates.  To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.",
          "product_ids": [
            "Red Hat Linux 7.1"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2003:159"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "security flaw"
    },
    {
      "cve": "CVE-2002-0986",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1616834"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "The mail function in PHP 4.x to 4.2.2 does not filter ASCII control characters from its arguments, which could allow remote attackers to modify mail message content, including mail headers, and possibly use PHP as a \"spam proxy.\"",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "security flaw",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Linux 7.1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2002-0986"
        },
        {
          "category": "external",
          "summary": "RHBZ#1616834",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1616834"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2002-0986",
          "url": "https://www.cve.org/CVERecord?id=CVE-2002-0986"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2002-0986",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2002-0986"
        }
      ],
      "release_date": "2002-08-23T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2003-06-30T14:37:00+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nTo update all RPMs for your particular architecture, run:\n\nrpm -Fvh [filenames]\n\nwhere [filenames] is a list of the RPMs you wish to upgrade.  Only those\nRPMs which are currently installed will be updated.  Those RPMs which are\nnot installed but included in the list will not be updated.  Note that you\ncan also use wildcards (*.rpm) if your current directory *only* contains\nthe\ndesired RPMs.\n\nPlease note that this update is also available via Red Hat Network.  Many\npeople find this an easier way to apply updates.  To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.",
          "product_ids": [
            "Red Hat Linux 7.1"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2003:159"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "security flaw"
    }
  ]
}

RHSA-2002:129

Vulnerability from csaf_redhat - Published: 2002-06-26 00:00 - Updated: 2025-11-21 17:24

Summary

Red Hat Security Advisory: php security update

Notes

Topic

Details

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "PHP versions earlier than 4.1.0 contain a vulnerability that could allow\narbitrary commands to be executed.\n\n[updated 22 Aug 2002]\nThe initial set of errata packages contained an incorrect set of\ndependencies. This meant that a number of packages would need to be\ninstalled before php that were not essential to the operation of php. \nUpdated errata packages are included with this advisory that have corrected\ndependencies.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "PHP is an HTML-embedded scripting language commonly used with Apache. PHP\nversions 4.0.5 through 4.1.0 in safe mode do not properly cleanse the 5th\nparameter to the mail() function. This vulnerability allows local users and\npossibly remote attackers to execute arbitrary commands via shell\nmetacharacters.\n\nRed Hat Linux Advanced Server version 2.1 shipped with PHP 4.0.6.\n\nThe Common Vulnerabilities and Exposures project (cve.mitre.org) has\nassigned the name CAN-2001-1246 to this issue.\n \nAll users of PHP should upgrade to these errata packages containing PHP\n4.1.2, which is not vulnerable to this issue.\n\nNote:\n\nThis PHP errata enforces memory limits on the size of the PHP process to\nprevent a badly generated script from becoming a possible source for a\ndenial of service attack. The default process size is 8Mb though you can\nadjust this as you deem necessary thought the php.ini directive\nmemory_limit. For example, to change the process memory limit to 4MB, add\nthe following:\n\nmemory_limit 4194304\n\nImportant Installation Note:\n\nThere are special instructions you should follow regarding your\n/etc/php.ini configuration file in the \"Solution\" section below.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2002:129",
        "url": "https://access.redhat.com/errata/RHSA-2002:129"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2002/rhsa-2002_129.json"
      }
    ],
    "title": "Red Hat Security Advisory: php security update",
    "tracking": {
      "current_release_date": "2025-11-21T17:24:52+00:00",
      "generator": {
        "date": "2025-11-21T17:24:52+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.6.12"
        }
      },
      "id": "RHSA-2002:129",
      "initial_release_date": "2002-06-26T00:00:00+00:00",
      "revision_history": [
        {
          "date": "2002-06-26T00:00:00+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2002-06-26T00:00:00+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2025-11-21T17:24:52+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
                "product": {
                  "name": "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
                  "product_id": "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:2.1::as"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Advanced Server"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2001-1246",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1616654"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "PHP 4.0.5 through 4.1.0 in safe mode does not properly cleanse the 5th parameter to the mail() function, which allows local users and possibly remote attackers to execute arbitrary commands via shell metacharacters.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "security flaw",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 "
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2001-1246"
        },
        {
          "category": "external",
          "summary": "RHBZ#1616654",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1616654"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2001-1246",
          "url": "https://www.cve.org/CVERecord?id=CVE-2001-1246"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2001-1246",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2001-1246"
        }
      ],
      "release_date": "2001-06-30T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2002-06-26T00:00:00+00:00",
          "details": "Please Note:\n\nThe /etc/php.ini configuration file is not replaced or\noverwritten. You should carefully review your configuration file and adapt\nit to your server or service functions.\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nPlease note that this update is available via Red Hat Network.  To use Red\nHat Network, launch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.",
          "product_ids": [
            "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 "
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2002:129"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "security flaw"
    }
  ]
}

GHSA-7PF5-HFGR-CH72

Vulnerability from github – Published: 2022-04-30 18:17 – Updated: 2022-04-30 18:17

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2001-1246"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-88"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2001-06-30T04:00:00Z",
    "severity": "HIGH"
  },
  "details": "PHP 4.0.5 through 4.1.0 in safe mode does not properly cleanse the 5th parameter to the mail() function, which allows local users and possibly remote attackers to execute arbitrary commands via shell metacharacters.",
  "id": "GHSA-7pf5-hfgr-ch72",
  "modified": "2022-04-30T18:17:38Z",
  "published": "2022-04-30T18:17:38Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2001-1246"
    },
    {
      "type": "WEB",
      "url": "http://online.securityfocus.com/archive/1/194425"
    },
    {
      "type": "WEB",
      "url": "http://www.iss.net/security_center/static/6787.php"
    },
    {
      "type": "WEB",
      "url": "http://www.php.net/do_download.php?download_file=php-4.1.2.tar.gz"
    },
    {
      "type": "WEB",
      "url": "http://www.redhat.com/support/errata/RHSA-2002-102.html"
    },
    {
      "type": "WEB",
      "url": "http://www.redhat.com/support/errata/RHSA-2002-129.html"
    },
    {
      "type": "WEB",
      "url": "http://www.redhat.com/support/errata/RHSA-2003-159.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/2954"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GSD-2001-1246

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

Aliases

CVE-2001-1246

Aliases

CVE-2001-1246

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2001-1246",
    "description": "PHP 4.0.5 through 4.1.0 in safe mode does not properly cleanse the 5th parameter to the mail() function, which allows local users and possibly remote attackers to execute arbitrary commands via shell metacharacters.",
    "id": "GSD-2001-1246",
    "references": [
      "https://access.redhat.com/errata/RHSA-2003:159",
      "https://access.redhat.com/errata/RHSA-2002:129",
      "https://access.redhat.com/errata/RHSA-2002:102"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2001-1246"
      ],
      "details": "PHP 4.0.5 through 4.1.0 in safe mode does not properly cleanse the 5th parameter to the mail() function, which allows local users and possibly remote attackers to execute arbitrary commands via shell metacharacters.",
      "id": "GSD-2001-1246",
      "modified": "2023-12-13T01:19:02.478368Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2001-1246",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "PHP 4.0.5 through 4.1.0 in safe mode does not properly cleanse the 5th parameter to the mail() function, which allows local users and possibly remote attackers to execute arbitrary commands via shell metacharacters."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "RHSA-2003:159",
            "refsource": "REDHAT",
            "url": "http://www.redhat.com/support/errata/RHSA-2003-159.html"
          },
          {
            "name": "RHSA-2002:129",
            "refsource": "REDHAT",
            "url": "http://www.redhat.com/support/errata/RHSA-2002-129.html"
          },
          {
            "name": "php-safemode-elevate-privileges(6787)",
            "refsource": "XF",
            "url": "http://www.iss.net/security_center/static/6787.php"
          },
          {
            "name": "2954",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/2954"
          },
          {
            "name": "20010630 php breaks safe mode",
            "refsource": "BUGTRAQ",
            "url": "http://online.securityfocus.com/archive/1/194425"
          },
          {
            "name": "RHSA-2002:102",
            "refsource": "REDHAT",
            "url": "http://www.redhat.com/support/errata/RHSA-2002-102.html"
          },
          {
            "name": "http://www.php.net/do_download.php?download_file=php-4.1.2.tar.gz",
            "refsource": "CONFIRM",
            "url": "http://www.php.net/do_download.php?download_file=php-4.1.2.tar.gz"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "cve": {
        "configurations": [
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "AF5EFBC9-2F17-44CD-8298-3D0BA0B48F4C",
                    "versionEndIncluding": "4.1.0",
                    "versionStartIncluding": "4.0.5",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ]
          }
        ],
        "descriptions": [
          {
            "lang": "en",
            "value": "PHP 4.0.5 through 4.1.0 in safe mode does not properly cleanse the 5th parameter to the mail() function, which allows local users and possibly remote attackers to execute arbitrary commands via shell metacharacters."
          }
        ],
        "id": "CVE-2001-1246",
        "lastModified": "2024-02-14T15:17:03.503",
        "metrics": {
          "cvssMetricV2": [
            {
              "acInsufInfo": false,
              "baseSeverity": "HIGH",
              "cvssData": {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "integrityImpact": "PARTIAL",
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              "exploitabilityScore": 10.0,
              "impactScore": 6.4,
              "obtainAllPrivilege": false,
              "obtainOtherPrivilege": false,
              "obtainUserPrivilege": true,
              "source": "nvd@nist.gov",
              "type": "Primary",
              "userInteractionRequired": false
            }
          ]
        },
        "published": "2001-06-30T04:00:00.000",
        "references": [
          {
            "source": "cve@mitre.org",
            "tags": [
              "Broken Link",
              "Third Party Advisory",
              "VDB Entry"
            ],
            "url": "http://online.securityfocus.com/archive/1/194425"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Broken Link",
              "Patch",
              "Vendor Advisory"
            ],
            "url": "http://www.iss.net/security_center/static/6787.php"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Broken Link"
            ],
            "url": "http://www.php.net/do_download.php?download_file=php-4.1.2.tar.gz"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Broken Link"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2002-102.html"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Broken Link"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2002-129.html"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Broken Link"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2003-159.html"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Broken Link",
              "Third Party Advisory",
              "VDB Entry"
            ],
            "url": "http://www.securityfocus.com/bid/2954"
          }
        ],
        "sourceIdentifier": "cve@mitre.org",
        "vulnStatus": "Analyzed",
        "weaknesses": [
          {
            "description": [
              {
                "lang": "en",
                "value": "CWE-88"
              }
            ],
            "source": "nvd@nist.gov",
            "type": "Primary"
          }
        ]
      }
    }
  }
}

FKIE_CVE-2001-1246

Vulnerability from fkie_nvd - Published: 2001-06-30 04:00 - Updated: 2025-04-03 01:03

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://online.securityfocus.com/archive/1/194425	Broken Link, Third Party Advisory, VDB Entry
cve@mitre.org	http://www.iss.net/security_center/static/6787.php	Broken Link, Patch, Vendor Advisory
cve@mitre.org	http://www.php.net/do_download.php?download_file=php-4.1.2.tar.gz	Broken Link
cve@mitre.org	http://www.redhat.com/support/errata/RHSA-2002-102.html	Broken Link
cve@mitre.org	http://www.redhat.com/support/errata/RHSA-2002-129.html	Broken Link
cve@mitre.org	http://www.redhat.com/support/errata/RHSA-2003-159.html	Broken Link
cve@mitre.org	http://www.securityfocus.com/bid/2954	Broken Link, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://online.securityfocus.com/archive/1/194425	Broken Link, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.iss.net/security_center/static/6787.php	Broken Link, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.php.net/do_download.php?download_file=php-4.1.2.tar.gz	Broken Link
af854a3a-2127-422b-91ae-364da2661108	http://www.redhat.com/support/errata/RHSA-2002-102.html	Broken Link
af854a3a-2127-422b-91ae-364da2661108	http://www.redhat.com/support/errata/RHSA-2002-129.html	Broken Link
af854a3a-2127-422b-91ae-364da2661108	http://www.redhat.com/support/errata/RHSA-2003-159.html	Broken Link
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/2954	Broken Link, Third Party Advisory, VDB Entry

Impacted products

	Vendor	Product	Version
	php	php	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF5EFBC9-2F17-44CD-8298-3D0BA0B48F4C",
              "versionEndIncluding": "4.1.0",
              "versionStartIncluding": "4.0.5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "PHP 4.0.5 through 4.1.0 in safe mode does not properly cleanse the 5th parameter to the mail() function, which allows local users and possibly remote attackers to execute arbitrary commands via shell metacharacters."
    }
  ],
  "id": "CVE-2001-1246",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": true,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2001-06-30T04:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://online.securityfocus.com/archive/1/194425"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.iss.net/security_center/static/6787.php"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.php.net/do_download.php?download_file=php-4.1.2.tar.gz"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2002-102.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2002-129.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2003-159.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/2954"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://online.securityfocus.com/archive/1/194425"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.iss.net/security_center/static/6787.php"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.php.net/do_download.php?download_file=php-4.1.2.tar.gz"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2002-102.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2002-129.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2003-159.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/2954"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-88"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2001-1246 (GCVE-0-2001-1246)

RHSA-2002_129

RHSA-2003:159

RHSA-2003_159

RHSA-2002:129

GHSA-7PF5-HFGR-CH72

GSD-2001-1246

FKIE_CVE-2001-1246

Tags

Sightings

Nomenclature