CVE-2018-19518
HIGH7.5EPSS 93.9%uw-imap - security update
發布日:2018/11/25修改日:2026/4/28
也稱為:DEBIAN-CVE-2018-19518
描述
University of Washington IMAP Toolkit 2007f on UNIX, as used in imap_open() in PHP and other products, launches an rsh command (by means of the imap_rimap function in c-client/imap4r1.c and the tcp_aopen function in osdep/unix/tcp_unix.c) without preventing argument injection, which might allow remote attackers to execute arbitrary OS commands if the IMAP server name is untrusted input (e.g., entered by a user of a web application) and if rsh has been replaced by a program with different argument semantics. For example, if rsh is a link to ssh (as seen on Debian and Ubuntu systems), then the attack can use an IMAP server name containing a "-oProxyCommand" argument.
受影響套件(4)
- Debian/php5from 0, < 5.6.39+dfsg-0+deb8u1
- Debian/uw-imapfrom 0, < 8:2007f~dfsg-6
- Debian/uw-imapfrom 0, < 8:2007f~dfsg-4+deb8u1
- Debian/uw-imapfrom 0, < 8:2007f~dfsg-5+deb9u1
CVSS 分數
| 來源 | 版本 | 嚴重程度 | 向量 |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH7.5 | CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H |