OSVDB ID: 37203

Title: Bugzilla email_in.pl Email::Send::Sendmail Function Arbitrary Command Execution

Info

Disclosure

Aug 24, 2007

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

Classification

Location: Remote / Network Access
Attack Type: Input Manipulation
Impact: Loss of Integrity
Solution: Upgrade
Disclosure: Vendor Verified

Solution

Upgrade to version 2.20.5, 2.22.3, 3.0.1, 3.1.1 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

Unknown or Incomplete

References

Security Tracker: 1018604
CVE ID: 2007-4538 (see also: NVD)
Bugtraq ID: 25425
Secunia Advisory ID: 26584 26971
ISS X-Force ID: 36243
Related OSVDB ID: 37201 37202
VUPEN Advisory: ADV-2007-2977
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2007-08/0387.html
Other Advisory URL: http://www.bugzilla.org/security/2.20.4/
http://www.gentoo.org/security/en/glsa/glsa-200709-18.xml
Vendor Specific News/Changelog Entry: http://www.bugzilla.org/security/2.20.4/
https://bugzilla.mozilla.org/show_bug.cgi?id=386860

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/37203