Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-2284

Overview

Vulnerability Score 10.0 10.0
CVE Id CVE-2004-2284
Last Modified 05 Sep 2008 04:43:42
Published 31 Dec 2004 12:00:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2004-2284

Summary

The read_list_from_file function in vacation.pl for OpenWebmail before 2.32 20040629 allows remote attackers to execute arbitrary commands via shell metacharacters in a filename argument.

Vulnerable Systems

Application

  • Open Webmail 1.7

  • Open Webmail 1.71

  • Open Webmail 1.8

  • Open Webmail 1.81

  • Open Webmail 1.90

  • Open Webmail 2.20

  • Open Webmail 2.21

  • Open Webmail 2.30

  • Open Webmail 2.31

  • Open Webmail 2.32


References

XF - open-webmail-vacation-program-execution(16549)

BID - 10637

OSVDB - 7474

SECTRACK - 1010605

SECUNIA - 12017

CONFIRM - http://openwebmail.org/openwebmail/download/cert/advisories/SA-04:04.txt


Last Updated: 27 May 2016 10:39:24