BID:9728 - Confirm E-Mail Header Remote Command Execution Vulnerability

Confirm E-Mail Header Remote Command Execution Vulnerability

BID:9728

Info

Confirm E-Mail Header Remote Command Execution Vulnerability

Bugtraq ID:	9728
Class:	Input Validation Error
CVE:	CVE-2004-0324
Remote:	Yes
Local:	No
Published:	Feb 23 2004 12:00AM
Updated:	Jul 12 2009 03:06AM
Credit:	Discovery is credited to Mariusz Woloszyn.
Vulnerable:	Confirm Confirm 0.62 Confirm Confirm 0.61 Confirm Confirm 0.60 Confirm Confirm 0.55 Confirm Confirm 0.54 Confirm Confirm 0.53 Confirm Confirm 0.52 Confirm Confirm 0.51 Confirm Confirm 0.50

Not Vulnerable:	Confirm Confirm 0.70

Discussion

Confirm E-Mail Header Remote Command Execution Vulnerability

The Confirm Procmail script is prone to a remote command execution vulnerability. This issue is exposed when the script handles malicious input such as shell metacharacters in e-mail headers.

Successful exploitation will allow for execution of shell commands in the context of the user invoking the script.

Exploit / POC

Confirm E-Mail Header Remote Command Execution Vulnerability

There is no exploit required.

Solution / Fix

Confirm E-Mail Header Remote Command Execution Vulnerability

Solution:
This issue has been addressed in Confirm 0.70.

Confirm Confirm 0.50

Confirm confirm-0.70.tgz
http://hr.uoregon.edu/davidrl/confirm/confirm-0.70.tgz

Confirm Confirm 0.51

Confirm confirm-0.70.tgz
http://hr.uoregon.edu/davidrl/confirm/confirm-0.70.tgz

Confirm Confirm 0.52

Confirm confirm-0.70.tgz
http://hr.uoregon.edu/davidrl/confirm/confirm-0.70.tgz

Confirm Confirm 0.53

Confirm confirm-0.70.tgz
http://hr.uoregon.edu/davidrl/confirm/confirm-0.70.tgz

Confirm Confirm 0.54

Confirm confirm-0.70.tgz
http://hr.uoregon.edu/davidrl/confirm/confirm-0.70.tgz

Confirm Confirm 0.55

Confirm confirm-0.70.tgz
http://hr.uoregon.edu/davidrl/confirm/confirm-0.70.tgz

Confirm Confirm 0.60

Confirm confirm-0.70.tgz
http://hr.uoregon.edu/davidrl/confirm/confirm-0.70.tgz

Confirm Confirm 0.61

Confirm confirm-0.70.tgz
http://hr.uoregon.edu/davidrl/confirm/confirm-0.70.tgz

Confirm Confirm 0.62

Confirm confirm-0.70.tgz
http://hr.uoregon.edu/davidrl/confirm/confirm-0.70.tgz

References

Confirm E-Mail Header Remote Command Execution Vulnerability

References:

Confirm Homepage (Confirm)