Mandriva Linux Security Advisory : php-pear-Mail (MDVSA-2010:025)
High Nessus Plugin ID 44303
SynopsisThe remote Mandriva Linux host is missing one or more security updates.
DescriptionMultiple vulnerabilities were discovered and corrected in php-pear (Mail) :
Argument injection vulnerability in the sendmail implementation of the Mail::Send method (Mail/sendmail.php) in the Mail package 1.1.14 for PEAR allows remote attackers to read and write arbitrary files via a crafted parameter, a different vector than CVE-2009-4111 (CVE-2009-4023).
Argument injection vulnerability in Mail/sendmail.php in the Mail package 1.1.14, 1.2.0b2, and possibly other versions for PEAR allows remote attackers to read and write arbitrary files via a crafted parameter, and possibly other parameters, a different vulnerability than CVE-2009-4023 (CVE-2009-4111).
Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers.
The updated packages have been patched to correct these issues.
SolutionUpdate the affected php-pear and / or php-pear-Mail packages.