PublicDate: 2006-03-07 00:02:00 UTC
Candidate: CVE-2006-1014
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1014
Description:
 Argument injection vulnerability in certain PHP 4.x and 5.x applications,
 when used with sendmail and when accepting remote input for the
 additional_parameters argument to the mb_send_mail function, allows
 context-dependent attackers to read and create arbitrary files by providing
 extra -C and -X arguments to sendmail.  NOTE: it could be argued that this
 is a class of technology-specific vulnerability, instead of a particular
 instance; if so, then this should not be included in CVE.
Ubuntu-Description:
Notes:
Priority: untriaged
Discovered-by:
Assigned-to:
CVSS:

Bugs:
upstream_php5: released (5.1.4)
dapper_php5: ignored (not remotely exploitable)
edgy_php5: released (5.1.6-1ubuntu2.6)
feisty_php5: released (5.2.1-0ubuntu1.4)
devel_php5: released (5.2.3-1ubuntu5)