Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-1141

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2006-1141
Last Modified 07 Mar 2011 09:32:08
Published 10 Mar 2006 06:02:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2006-1141

Summary

Buffer overflow in qmailadmin.c in QmailAdmin before 1.2.10 allows remote attackers to execute arbitrary code via a long PATH_INFO environment variable.

Vulnerable Systems

Application

  • Inter7 Qmailadmin 1.0.1

  • Inter7 Qmailadmin 1.0.2

  • Inter7 Qmailadmin 1.0.3

  • Inter7 Qmailadmin 1.0.4

  • Inter7 Qmailadmin 1.0.5

  • Inter7 Qmailadmin 1.0.6

  • Inter7 Qmailadmin 1.2.0

  • Inter7 Qmailadmin 1.2.1

  • Inter7 Qmailadmin 1.2.3

  • Inter7 Qmailadmin 1.2.7

  • Inter7 Qmailadmin 1.2.8

  • Inter7 Qmailadmin 1.2.9


References

XF - qmialadmin-qmailadmin-bo(25065)

BID - 16994

CONFIRM - http://sourceforge.net/project/shownotes.php?group_id=6691&release_id=395211

VUPEN - ADV-2006-0852

MISC - http://cvs.sourceforge.net/viewcvs.py/qmailadmin/qmailadmin/qmailadmin.c?r1=1.6.2.10&r2=1.6.2.11

OSVDB - 23705

GENTOO - GLSA-200611-15

SECUNIA - 23019

SECUNIA - 19262


Last Updated: 27 May 2016 10:41:56