CVE-2013-4478

Name of the Vulnerable Software and Affected Versions sup versions prior to 0.13.2.1 sup versions 0.14.x prior to 0.14.1.1

Description The issue allows remote attackers to execute arbitrary commands via shell metacharacters in the filename of an email attachment. Multiple vulnerabilities in the sup-mail package of the Debian GNU/Linux operating system can be exploited remotely, potentially leading to a breach of confidentiality, integrity, and availability of protected information.

Recommendations For versions prior to 0.13.2.1, update to version 0.13.2.1 or later. For versions 0.14.x prior to 0.14.1.1, update to version 0.14.1.1 or later. As a temporary workaround, consider restricting the handling of email attachments to minimize the risk of exploitation.