Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 5.0
CVE Id CVE-2007-4538
Last Modified 07 Mar 2011 09:58:44
Published 27 Aug 2007 05:17:00
Confidentiality Impact NONE
Integrity Impact PARTIAL
Availability Impact NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2007-4538

Summary

email_in.pl in Bugzilla 2.23.4 through 3.0.0 allows remote attackers to execute arbitrary commands via the -f (From address) option to the Email::Send::Sendmail function, probably involving shell metacharacters.

Vulnerable Systems

Application

  • Mozilla Bugzilla 2.23.4

  • Mozilla Bugzilla 2.4

  • Mozilla Bugzilla 2.6

  • Mozilla Bugzilla 2.8

  • Mozilla Bugzilla 2.9

  • Mozilla Bugzilla 3.0.0


References

BID - 25425

SECUNIA - 26584

MISC - https://bugzilla.mozilla.org/show_bug.cgi?id=386860

VUPEN - ADV-2007-2977

CONFIRM - http://www.bugzilla.org/security/2.20.4/

OSVDB - 37203

XF - bugzilla-sendmail-command-execution(36243)

SECTRACK - 1018604

BUGTRAQ - 20070823 Security Advisory for Bugzilla 3.0, 2.22.1, and 2.20.4

GENTOO - GLSA-200709-18

SECUNIA - 26971


Last Updated: 27 May 2016 10:45:54