Candidate: CVE-2009-4111
PublicDate: 2009-11-29 13:07:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4111
Description:
 Argument injection vulnerability in Mail/sendmail.php in the Mail package
 1.1.14, 1.2.0b2, and possibly other versions for PEAR allows remote
 attackers to read and write arbitrary files via a crafted $recipients
 parameter, and possibly other parameters, a different vulnerability than
 CVE-2009-4023.
Ubuntu-Description:
Notes:
Bugs:
 https://bugs.gentoo.org/show_bug.cgi?id=294256
 http://pear.php.net/bugs/bug.php?id=16200
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=557121
Priority: medium
Discovered-by:
Assigned-to:
CVSS: 

Patches_php-mail:
upstream_php-mail: released (1.1.14-2)
dapper_php-mail: ignored (reached end-of-life)
hardy_php-mail: ignored (reached end-of-life)
intrepid_php-mail: needs-triage (reached end-of-life)
jaunty_php-mail: ignored (reached end-of-life)
karmic_php-mail: ignored (reached end-of-life)
lucid_php-mail: ignored (reached end-of-life)
maverick_php-mail: ignored (reached end-of-life)
natty_php-mail: ignored (reached end-of-life)
oneiric_php-mail: ignored (reached end-of-life)
precise_php-mail: ignored (reached end-of-life)
precise/esm_php-mail: DNE (precise was needs-triage)
quantal_php-mail: ignored (reached end-of-life)
raring_php-mail: ignored (reached end-of-life)
saucy_php-mail: ignored (reached end-of-life)
trusty_php-mail: not-affected (1.2.0-6)
trusty/esm_php-mail: DNE (trusty was not-affected [1.2.0-6])
utopic_php-mail: ignored (reached end-of-life)
vivid_php-mail: ignored (reached end-of-life)
vivid/stable-phone-overlay_php-mail: DNE
vivid/ubuntu-core_php-mail: DNE
wily_php-mail: ignored (reached end-of-life)
xenial_php-mail: not-affected (1.2.0-6)
yakkety_php-mail: ignored (reached end-of-life)
zesty_php-mail: ignored (reached end-of-life)
artful_php-mail: ignored (reached end-of-life)
bionic_php-mail: not-affected (1.2.0-6)
cosmic_php-mail: not-affected (1.2.0-6)
devel_php-mail: not-affected (1.2.0-6)