CVE-2002-0986 Information

Description

The mail function in PHP 4.x to 4.2.2 does not filter ASCII control characters from its arguments which could allow remote attackers to modify mail message content including mail headers and possibly use PHP as a \spam proxy.\

Reference

ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2003-008.0.txt http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000545 http://marc.info/?l=bugtraq&m=103011916928204&w=2 http://marc.info/?l=bugtraq&m=105760591228031&w=2 http://www.debian.org/security/2002/dsa-168 http://www.kb.cert.org/vuls/id/410609 http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:082 http://www.novell.com/linux/security/advisories/2002_036_modphp4.html http://www.osvdb.org/2160 http://www.redhat.com/support/errata/RHSA-2002-213.html http://www.redhat.com/support/errata/RHSA-2002-214.html http://www.redhat.com/support/errata/RHSA-2002-243.html http://www.redhat.com/support/errata/RHSA-2002-244.html http://www.redhat.com/support/errata/RHSA-2002-248.html http://www.redhat.com/support/errata/RHSA-2003-159.html http://www.securityfocus.com/bid/5562 https://exchange.xforce.ibmcloud.com/vulnerabilities/9959