Upstream information

CVE-2006-1014 at MITRE

Description

Argument injection vulnerability in certain PHP 4.x and 5.x applications, when used with sendmail and when accepting remote input for the additional_parameters argument to the mb_send_mail function, allows context-dependent attackers to read and create arbitrary files by providing extra -C and -X arguments to sendmail. NOTE: it could be argued that this is a class of technology-specific vulnerability, instead of a particular instance; if so, then this should not be included in CVE.

SUSE information

Overall state of this security issue: Resolved

This issue is currently rated as having moderate severity.

CVSS v2 Scores
  National Vulnerability Database
Base Score 3.2
Vector AV:L/AC:L/Au:S/C:P/I:P/A:N
Access Vector Local
Access Complexity Low
Authentication Single
Confidentiality Impact Partial
Integrity Impact Partial
Availability Impact None
SUSE Bugzilla entry: 154315 [RESOLVED / FIXED]

SUSE Security Advisories:


SUSE Timeline for this CVE

CVE page created: Fri Jun 28 01:49:09 2013
CVE page last modified: Fri Oct 7 12:45:32 2022