Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-1468

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2004-1468
Last Modified 05 Sep 2008 04:41:28
Published 31 Dec 2004 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2004-1468

Summary

The web mail functionality in Usermin 1.x and Webmin 1.x allows remote attackers to execute arbitrary commands via shell metacharacters in an e-mail message.

Vulnerable Systems

Application

  • Usermin 1.000

  • Usermin 1.010

  • Usermin 1.020

  • Usermin 1.030

  • Usermin 1.040

  • Usermin 1.051

  • Usermin 1.060

  • Usermin 1.070

  • Usermin 1.080

  • Webmin 1.0.00

  • Webmin 1.0.20

  • Webmin 1.0.50

  • Webmin 1.0.60

  • Webmin 1.0.70

  • Webmin 1.0.80

  • Webmin 1.0.90

  • Webmin 1.1.00

  • Webmin 1.1.10

  • Webmin 1.1.21

  • Webmin 1.1.30

  • Webmin 1.1.40

  • Webmin 1.1.50


References

BID - 1122

GENTOO - GLSA-200409-15

SECUNIA - 12488

XF - usermin-web-mail-command-execution(17293)

MISC - http://www.lac.co.jp/security/csl/intelligence/SNSadvisory_e/77_e.html


Last Updated: 27 May 2016 10:39:02