Open WebMail Remote Arbitrary Shell Command Execution Vulnerability
BID:13472
Info
Open WebMail Remote Arbitrary Shell Command Execution Vulnerability
| Bugtraq ID: | 13472 |
| Class: | Input Validation Error |
| CVE: |
CVE-2005-1435 |
| Remote: | Yes |
| Local: | No |
| Published: | May 03 2005 12:00AM |
| Updated: | Jul 12 2009 02:06PM |
| Credit: | This vulnerability was announced by the vendor. |
| Vulnerable: |
Open Webmail Open Webmail 2.51 Open Webmail Open Webmail 2.32 Open Webmail Open Webmail 2.31 Open Webmail Open Webmail 2.30 Open Webmail Open Webmail 2.21 Open Webmail Open Webmail 2.20 Open Webmail Open Webmail 2.5 |
| Not Vulnerable: |
Open Webmail Open Webmail -current |
Discussion
Open WebMail Remote Arbitrary Shell Command Execution Vulnerability
Open WebMail is prone to a remote shell command execution vulnerability. This issue presents itself due to insufficient sanitization of user-supplied data.
This issue has been addressed in releases of Open WebMail dated after Apr 30, 2005.
Open WebMail is prone to a remote shell command execution vulnerability. This issue presents itself due to insufficient sanitization of user-supplied data.
This issue has been addressed in releases of Open WebMail dated after Apr 30, 2005.
Exploit / POC
Open WebMail Remote Arbitrary Shell Command Execution Vulnerability
No exploit is required.
No exploit is required.
Solution / Fix
Open WebMail Remote Arbitrary Shell Command Execution Vulnerability
Solution:
The vendor has addressed this issue in the current release of the application.
Open Webmail Open Webmail 2.20
Open Webmail Open Webmail 2.21
Open Webmail Open Webmail 2.30
Open Webmail Open Webmail 2.31
Open Webmail Open Webmail 2.32
Open Webmail Open Webmail 2.5
Open Webmail Open Webmail 2.51
Solution:
The vendor has addressed this issue in the current release of the application.
Open Webmail Open Webmail 2.20
-
Open WebMail Open WebMail Current
http://openwebmail.org/openwebmail/download/
Open Webmail Open Webmail 2.21
-
Open WebMail Open WebMail Current
http://openwebmail.org/openwebmail/download/
Open Webmail Open Webmail 2.30
-
Open WebMail Open WebMail Current
http://openwebmail.org/openwebmail/download/
Open Webmail Open Webmail 2.31
-
Open WebMail Open WebMail Current
http://openwebmail.org/openwebmail/download/
Open Webmail Open Webmail 2.32
-
Open WebMail Open WebMail Current
http://openwebmail.org/openwebmail/download/
Open Webmail Open Webmail 2.5
-
Open WebMail Open WebMail Current
http://openwebmail.org/openwebmail/download/
Open Webmail Open Webmail 2.51
-
Open WebMail Open WebMail Current
http://openwebmail.org/openwebmail/download/
References
Open WebMail Remote Arbitrary Shell Command Execution Vulnerability
References:
References:
- Open Webmail Homepage (Open Webmail)
- Product Changelog (Open WebMail)