Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2002-0532

Overview

Vulnerability Score 7.2 7.2
CVE Id CVE-2002-0532
Last Modified 05 Sep 2008 04:28:16
Published 12 Aug 2002 12:00:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2002-0532

Summary

EMU Webmail allows local users to execute arbitrary programs via a .. (dot dot) in the HTTP Host header that points to a Trojan horse configuration file that contains a pageroot specifier that contains shell metacharacters.

Vulnerable Systems

Application

  • Emumail 3.0

  • Emumail Red Hat Linux 5.0

  • Emumail Red Hat Linux 5.1

  • Emumail Unix 5.0

  • Emumail Unix 5.1


References

BID - 4488

XF - emumail-http-host-execute(8836)

BUGTRAQ - 20020410 Re: emumail.cgi, one more local vulnerability (not verified)

OSVDB - 5270


Last Updated: 27 May 2016 10:36:57