Courier-IMAP XMAILDIR Shell Command Injection Vulnerability
BID:23589
Info
Courier-IMAP XMAILDIR Shell Command Injection Vulnerability
| Bugtraq ID: | 23589 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 22 2007 12:00AM |
| Updated: | Apr 23 2007 07:00PM |
| Credit: | CJ Kucera is credited with the discovery of this issue. |
| Vulnerable: |
Gentoo net-mail/courier-imap 4.0.1 |
| Not Vulnerable: |
Gentoo net-mail/courier-imap 4.0.6-r2 |
Discussion
Courier-IMAP XMAILDIR Shell Command Injection Vulnerability
Courier-IMAP is prone to a shell-command-injection vulnerability.
Commands executed through this vulnerability could permit an attacker to gain access to a vulnerable system.
Courier-IMAP versions for Gentoo prior to 4.0.6-r2 are vulnerable to this issue.
Courier-IMAP is prone to a shell-command-injection vulnerability.
Commands executed through this vulnerability could permit an attacker to gain access to a vulnerable system.
Courier-IMAP versions for Gentoo prior to 4.0.6-r2 are vulnerable to this issue.
Exploit / POC
Courier-IMAP XMAILDIR Shell Command Injection Vulnerability
Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].
Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].
Solution / Fix
Courier-IMAP XMAILDIR Shell Command Injection Vulnerability
Solution:
The vendor has released a fix to address this issue. Please see the references for more information.
Solution:
The vendor has released a fix to address this issue. Please see the references for more information.
References
Courier-IMAP XMAILDIR Shell Command Injection Vulnerability
References:
References:
- CVE-2015-7513 Kernel: kvm: divide by zero issue leads to DoS (Prasad J Pandit)
- Bugzilla Bug 168196 (Gentoo)