Vulnerabilities > CVE-2006-1015 - Security Bypass vulnerability in PHP

CVSS 6.4 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

NONE

network

low complexity

php

nessus

exploit available

NVD

Published: 2006-03-07

Updated: 2018-10-30

Summary

Argument injection vulnerability in certain PHP 3.x, 4.x, and 5.x applications, when used with sendmail and when accepting remote input for the additional_parameters argument to the mail function, allows remote attackers to read and create arbitrary files via the sendmail -C and -X arguments. NOTE: it could be argued that this is a class of technology-specific vulnerability, instead of a particular instance; if so, then this should not be included in CVE.

Vulnerable Configurations

Part	Description	Count
Application	Php PHP PHP 3.0 PHP PHP 3.0.1 PHP PHP 3.0.2 PHP PHP 3.0.3 PHP PHP 3.0.4 PHP PHP 3.0.5 PHP PHP 3.0.6 PHP PHP 3.0.7 PHP PHP 3.0.8 PHP PHP 3.0.9 PHP PHP 3.0.10 PHP PHP 3.0.11 PHP PHP 3.0.12 PHP PHP 3.0.13 PHP PHP 3.0.14 PHP PHP 3.0.15 PHP PHP 3.0.16 PHP PHP 3.0.17 PHP PHP 3.0.18 PHP PHP 4.0.0 PHP PHP 4.0.1 PHP PHP 4.0.2 PHP PHP 4.0.3 PHP PHP 4.0.4 PHP PHP 4.0.5 PHP PHP 4.0.6 PHP PHP 4.0.7 PHP PHP 4.1.0 PHP PHP 4.1.1 PHP PHP 4.1.2 PHP PHP 4.2 PHP PHP 4.2.0 PHP PHP 4.2.1 PHP PHP 4.2.2 PHP PHP 4.2.3 PHP PHP 4.3.0 PHP PHP 4.3.1 PHP PHP 4.3.2 PHP PHP 4.3.3 PHP PHP 4.3.4 PHP PHP 4.3.5 PHP PHP 4.3.6 PHP PHP 4.3.7 PHP PHP 4.3.8 PHP PHP 4.3.9 PHP PHP 4.3.10 PHP PHP 4.3.11 PHP PHP 4.4.0 PHP PHP 4.4.1 PHP PHP 4.4.2 PHP PHP 5.0 PHP PHP 5.0.0 PHP PHP 5.0.1 PHP PHP 5.0.2 PHP PHP 5.0.3 PHP PHP 5.0.4 PHP PHP 5.0.5 PHP PHP 5.1.0 PHP PHP 5.1.1 PHP PHP 5.1.2	75

Exploit-Db

description	PHP 4.x/5.0/5.1 w/ Sendmail Mail Function additional_parameters Argument Arbitrary File Creation. CVE-2006-1015. Local exploit for php platform
id	EDB-ID:27334
last seen	2016-02-03
modified	2006-02-28
published	2006-02-28
reporter	[email protected]
source	https://www.exploit-db.com/download/27334/
title	PHP 4.x/5.0/5.1 with Sendmail Mail Function additional_parameters - Argument Arbitrary File Creation

Nessus

NASL family	CGI abuses
NASL id	PHP_5_2_0.NASL
description	According to its banner, the version of PHP 5.x installed on the remote host is older than 5.2. Such versions may be affected by several buffer overflows. To exploit these issues, an attacker would need the ability to upload an arbitrary PHP script on the remote server or to manipulate several variables processed by some PHP functions such as
last seen	2020-06-01
modified	2020-06-02
plugin id	31649
published	2008-03-25
reporter	This script is Copyright (C) 2008-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/31649
title	PHP 5.x < 5.2 Multiple Vulnerabilities

NASL family	SuSE Local Security Checks
NASL id	SUSE_SA_2006_024.NASL
description	The remote host is missing the patch for the advisory SUSE-SA:2006:024 (php4,php5). This update fixes the following security issues in the scripting languages PHP4 and PHP5: - copy() and tempnam() functions could bypass open_basedir restrictions (CVE-2006-1494) - Cross-Site-Scripting (XSS) bug in phpinfo() (CVE-2006-0996) - mb_send_mail() lacked safe_mode checks (CVE-2006-1014, CVE-2006-1015) - html_entity_decode() could expose memory content (CVE-2006-1490)
last seen	2019-10-28
modified	2006-05-13
plugin id	21369
published	2006-05-13
reporter	This script is Copyright (C) 2006-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/21369
title	SUSE-SA:2006:024: php4,php5

Statements

contributor	Mark J Cox
lastmodified	2006-08-30
organization	Red Hat
statement	We do not consider these to be security issues: http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=169857#c1

Summary

Vulnerable Configurations

Exploit-Db

Nessus

Statements

References