PT-2003-2152 · Omail · @Mail Webmail

Phillip Whelan

Publicado

2003-08-19

Atualizado

2017-07-11

CVE-2003-1202

CVSS v2.0

Alta

Vetor

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions omail webmail versions 0.98.4 and earlier

Description The issue allows remote attackers to execute arbitrary commands via shell metacharacters in the password, domainname, or username variables. This is due to a problem in the checklogin function in omail.pl.

Recommendations For omail webmail versions 0.98.4 and earlier, as a temporary workaround, consider disabling the checklogin function until a patch is available. Restrict access to the omail.pl script to minimize the risk of exploitation. Avoid using shell metacharacters in the password, domainname, or username variables in the affected script until the issue is resolved.

Exploit

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Identificadores relacionados

CVE-2003-1202

Produtos afetados

@Mail Webmail

PT-2003-2152 · Omail · @Mail Webmail

CVE-2003-1202

Identificadores relacionados

Produtos afetados

Referências · 6