Vulnerability Name:

CVE-2002-1396 (CCN-10944)

Assigned:2002-12-27
Published:2002-12-27
Updated:2018-05-03
Summary:Heap-based buffer overflow in the wordwrap function in PHP after 4.1.2 and before 4.3.0 may allow attackers to cause a denial of service or execute arbitrary code.
CVSS v3 Severity:7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availability (A): Low
CVSS v2 Severity:7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): Partial
7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): Partial
Vulnerability Type:CWE-Other
Vulnerability Consequences:Gain Access
References:Source: CCN
Type: BugTraq Mailing List, Fri Dec 27 2002 - 15:43:44 CST
Buffer overflow in PHP "wordwrap" function

Source: ENGARDE
Type: UNKNOWN
ESA-20030219-003

Source: CCN
Type: PHP Web site
Bug #20927 Crash inside libpq (PQexec) with PHP > 4.1.2 (Actually, culprit is wordwrap)

Source: CONFIRM
Type: Patch, Vendor Advisory
http://bugs.php.net/bug.php?id=20927

Source: MITRE
Type: CNA
CVE-2002-1396

Source: BUGTRAQ
Type: UNKNOWN
20021227 Buffer overflow in PHP "wordwrap" function

Source: CCN
Type: RHSA-2003-017
Updated PHP packages available

Source: CCN
Type: CIAC Information Bulletin N-042
Updated PHP packages available

Source: CCN
Type: Gentoo Linux Security Announcement 200301-8
mod_php php -- buffer overflow

Source: CCN
Type: EnGarde Secure Linux Security Advisory ESA-20030219-003
php, mod_php -- Several PHP vulnerabilities

Source: MANDRAKE
Type: UNKNOWN
MDKSA-2003:019

Source: SUSE
Type: UNKNOWN
SuSE-SA:2003:0009

Source: CCN
Type: OpenPKG-SA-2003.005
PHP

Source: CCN
Type: OSVDB ID: 14530
PHP wordwrap() Function Overflow

Source: REDHAT
Type: UNKNOWN
RHSA-2003:017

Source: GENTOO
Type: UNKNOWN
200301-8

Source: BID
Type: Patch, Vendor Advisory
6488

Source: CCN
Type: BID-6488
PHP wordwrap() Heap Corruption Vulnerability

Source: CCN
Type: TLSA-2003-9
Buffer overflows

Source: XF
Type: UNKNOWN
php-wordwrap-bo(10944)

Source: SUSE
Type: SUSE-SA:2003:0009
mod_php4: remote system compromise

Vulnerable Configuration:Configuration 1:
  • cpe:/a:php:php:4.1.2:*:*:*:*:*:*:*
  • OR cpe:/a:php:php:4.2.0:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:4.2.1:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:4.2.2:*:*:*:*:*:*:*
  • OR cpe:/a:php:php:4.2.3:-:*:*:*:*:*:*

  • Configuration CCN 1:
  • cpe:/a:php:php:4.2.3:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:4.2.2:*:*:*:*:*:*:*
  • AND
  • cpe:/o:redhat:linux:7:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:7.1:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:7.2:*:*:*:*:*:*:*
  • OR cpe:/o:engardelinux:secure_linux:-:*:*:*:*:*:*:*
  • OR cpe:/a:openpkg:openpkg:1.0:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:7.3:*:*:*:*:*:*:*
  • OR cpe:/o:engardelinux:secure_professional:-:*:*:*:*:*:*:*
  • OR cpe:/a:openpkg:openpkg:current:*:*:*:*:*:*:*
  • OR cpe:/o:gentoo:linux:*:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:8.0:*:*:*:*:*:*:*
  • OR cpe:/a:openpkg:openpkg:1.1:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:9.0:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:8.1:*:*:*:*:*:*:*
  • OR cpe:/o:suse:linux_enterprise_server:8:*:*:*:*:*:*:*
  • OR cpe:/o:turbolinux:turbolinux:8:*:*:*:server:*:*:*
  • OR cpe:/a:openpkg:openpkg:1.2:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:*:*:*:*:*:*
  • OR cpe:/a:mandrakesoft:mandrake_multi_network_firewall:2.0:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2006:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2006:*:x86-64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:x86_64:*:*:*:*:*

  • * Denotes that component is vulnerable
    Oval Definitions
    Definition ID: oval:org.opensuse.security:def:20021396
    Class: V
    Title: CVE-2002-1396
    Last Modified: 2015-11-16
    php php 4.1.2
    php php 4.2.0
    php php 4.2.1
    php php 4.2.2
    php php 4.2.3
    php php 4.2.3 -
    php php 4.2.2
    redhat linux 7
    redhat linux 7.1
    redhat linux 7.2
    engardelinux secure linux -
    openpkg openpkg 1.0
    redhat linux 7.3
    engardelinux secure professional -
    openpkg openpkg current
    gentoo linux *
    redhat linux 8.0
    openpkg openpkg 1.1
    mandrakesoft mandrake linux 9.0
    suse suse linux 8.1
    suse linux enterprise server 8
    turbolinux turbolinux 8
    openpkg openpkg 1.2
    mandrakesoft mandrake linux corporate server 3.0
    mandrakesoft mandrake multi network firewall 2.0
    mandrakesoft mandrake linux 2006
    mandrakesoft mandrake linux 2006
    mandrakesoft mandrake linux corporate server 3.0