PT-2018-2653 · Washington University · University Of Washington Imap Toolkit
Hanno Böck · Published 2018-11-15 · Updated 2025-09-29
CVE-2018-19518
CVSS v2.0: 8.5 (High)
Vector: AV:N/AC:M/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
University of Washington IMAP Toolkit version 2007f
PHP (affected versions not specified)
uw-imap (affected versions not specified)
Description
The issue is related to insufficient neutralization of special elements in the IMAP interpreter component. It might allow remote attackers to execute arbitrary OS commands if the IMAP server name is untrusted input. For example, if rsh is replaced by a program with different argument semantics, such as a link to ssh, an attacker can use an IMAP server name containing a "-oProxyCommand" argument to exploit the issue.
Recommendations
For University of Washington IMAP Toolkit version 2007f, consider disabling the use of rsh commands until a patch is available.
For PHP, restrict access to the imap_open() function to minimize the risk of exploitation.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
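An added example (not part of this advisory, and not PHP's or UW IMAP's own code) of restricting what reaches imap_open(): the mailbox string is built only from a strictly validated, allow-listed host name and carries the /norsh flag. The host names, the ALLOWED_IMAP_HOSTS list and build_mailbox() are assumptions made for illustration.

```php
<?php
// Added example: never pass a caller-supplied server name to imap_open() directly.
// Host names below are constructed placeholders.

const ALLOWED_IMAP_HOSTS = ['imap.example.test', 'mail.example.test'];

/**
 * Return a mailbox string that is safe to hand to imap_open(), or throw.
 */
function build_mailbox(string $host, int $port = 993, string $folder = 'INBOX'): string
{
    // Strict hostname grammar: labels of letters, digits and inner hyphens.
    // This rejects whitespace, a leading '-', and the braces and slashes
    // that delimit the mailbox specification.
    $label = '[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?';
    if (strlen($host) > 253 || !preg_match("/\\A{$label}(?:\\.{$label})*\\z/", $host)) {
        throw new InvalidArgumentException('IMAP host is not a plain hostname');
    }
    if (!in_array(strtolower($host), ALLOWED_IMAP_HOSTS, true)) {
        throw new InvalidArgumentException('IMAP host is not allow-listed');
    }
    if ($port < 1 || $port > 65535) {
        throw new InvalidArgumentException('IMAP port out of range');
    }
    // The folder name also ends up in the mailbox string; keep it conservative.
    if (!preg_match('/\A[A-Za-z0-9 ._-]{1,64}\z/', $folder)) {
        throw new InvalidArgumentException('Unexpected folder name');
    }
    // /norsh asks c-client not to attempt an rsh/ssh preauthenticated session.
    return sprintf('{%s:%d/imap/ssl/norsh}%s', strtolower($host), $port, $folder);
}

// Constructed inputs: one legitimate, one shaped like the case in the description.
$samples = ['imap.example.test', 'mail.example.test -oProxyCommand=PLACEHOLDER'];
foreach ($samples as $candidate) {
    try {
        echo build_mailbox($candidate), PHP_EOL;
    } catch (InvalidArgumentException $e) {
        echo 'rejected: ', $e->getMessage(), PHP_EOL;
    }
}
```

The first sample yields `{imap.example.test:993/imap/ssl/norsh}INBOX`; the second is rejected by the hostname check because it contains a space.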
Exploit
RCE
Argument Injection
OS Command Injection
Related Identifiers
Affected Products
Alt Linux
Php
Suse
Ubuntu
University Of Washington Imap Toolkit
Uw-Imap