PT-2018-2653 · Washington University+4 · University Of Washington Imap Toolkit+5

Hanno Böck · Published 2018-11-15 · Updated 2025-09-29 · CVE-2018-19518

CVSS v2.0: 8.5 (High)

Vector: AV:N/AC:M/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions

University of Washington IMAP Toolkit version 2007f
PHP (affected versions not specified)
uw-imap (affected versions not specified)

Description

The issue is related to insufficient neutralization of special elements in the IMAP interpreter component. This might allow remote attackers to execute arbitrary OS commands if the IMAP server name is untrusted input. For example, if rsh is replaced by a program with different argument semantics, such as a link to ssh, an attacker can use an IMAP server name containing a "-oProxyCommand" argument to exploit the issue.

Recommendations

For University of Washington IMAP Toolkit version 2007f, consider disabling the use of rsh commands until a patch is available. For PHP, restrict access to the imap_open() function to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
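One way to keep an untrusted IMAP server name from being read as an option, shown as an added example (not code from this advisory or from PHP itself). The helper name build_imap_mailbox() and the sample hosts are hypothetical; imap_open() and the /norsh mailbox flag are PHP's own.

```php
<?php
declare(strict_types=1);

/**
 * Build a c-client mailbox string from an untrusted host name.
 * Returns null unless the host is a plain DNS name or IPv4 address, so a
 * value such as "-oProxyCommand=..." can never be read as an option by
 * whatever program stands in for rsh.
 */
function build_imap_mailbox(string $host, int $port = 993): ?string
{
    // A label starts and ends with a letter or digit; '-' only inside.
    $label = '[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?';
    $hostname = '/\A' . $label . '(?:\.' . $label . ')*\z/';

    if (strlen($host) > 253 || preg_match($hostname, $host) !== 1) {
        return null;
    }
    if ($port < 1 || $port > 65535) {
        return null;
    }
    // /norsh tells c-client not to try rsh or ssh for a preauthenticated session.
    return sprintf('{%s:%d/imap/ssl/norsh}INBOX', $host, $port);
}

// Constructed sample inputs; the option value is a placeholder.
$samples = [
    'mail.example.org',
    '192.0.2.10',
    '-oProxyCommand=PLACEHOLDER',
    "x -oProxyCommand=PLACEHOLDER",
    "mail.example.org\t-oProxyCommand=PLACEHOLDER",
    'mail.example.org/debug}INBOX',
];

foreach ($samples as $host) {
    $mailbox = build_imap_mailbox($host);
    printf("%-50s %s\n", json_encode($host, JSON_UNESCAPED_SLASHES), $mailbox ?? 'REJECTED');
}

// Only a non-null result is passed on ($user and $password are placeholders):
// $stream = imap_open($mailbox, $user, $password);
```

The first two samples yield a mailbox string; the other four are rejected because they contain a leading hyphen, whitespace, or mailbox-syntax characters.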

Exploit

RCE

Argument Injection

OS Command Injection


Weakness Enumeration

Related Identifiers

ALSA-2025_16880
ALT-PU-2018-2856
AZL-37053
AZL-37158
BDU:2019-01271
CVE-2018-19518
DLA-1608-1
DLA-1700-1
DLA-2866-1
DSA-4353-1
MGASA-2018-0484
OPENSUSE-SU-2018_4030-1
OPENSUSE-SU-2018_4038-1
SUSE-SU-2018:3986-1
SUSE-SU-2018:3988-1
SUSE-SU-2018:3995-1
SUSE-SU-2018_3986-1
SUSE-SU-2018_3988-1
SUSE-SU-2018_3995-1
USN-4160-1

Affected Products

Alt Linux
Php
Suse
Ubuntu
University Of Washington Imap Toolkit
Uw-Imap