Lucene search

[email protected]CVE-2009-4111

HistoryNov 29, 2009 - 1:07 p.m.

CVE-2009-4111

2009-11-2913:07:00

CWE-94

[email protected]

web.nvd.nist.gov

cve-2009-4111

argument injection

mail package

pear

remote attack

arbitrary file

vulnerability

9.2 High

AI Score

Confidence

High

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.032 Low

EPSS

Percentile

91.0%

JSON

Argument injection vulnerability in Mail/sendmail.php in the Mail package 1.1.14, 1.2.0b2, and possibly other versions for PEAR allows remote attackers to read and write arbitrary files via a crafted $recipients parameter, and possibly other parameters, a different vulnerability than CVE-2009-4023.

CPENameOperatorVersion
pear:mailpear maileq1.1.14
pear:mailpear maileq1.2.0b2

CPE	Name	Operator	Version
pear:mail	pear mail	eq	1.1.14
pear:mail	pear mail	eq	1.2.0b2

References

lists.opensuse.org/opensuse-security-announce/2010-11/msg00001.html

pear.php.net/bugs/bug.php?id=16200

secunia.com/advisories/37458

www.debian.org/security/2009/dsa-1938

www.openwall.com/lists/oss-security/2009/11/23/8

www.openwall.com/lists/oss-security/2009/11/28/2

www.securityfocus.com/bid/37395

bugs.gentoo.org/show_bug.cgi?id=294256

9.2 High

AI Score

Confidence

High

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.032 Low

EPSS

Percentile

91.0%

JSON

Related for CVE-2009-4111

nessus6 ubuntucve2 debiancve2 fedora3 prion2 cve1 openvas11 seebug1 gentoo1