Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score: 10.0
CVE Id: CVE-2008-5619
Last Modified: 27 Aug 2015 09:24:46
Published: 16 Dec 2008 09:30:00
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2008-5619

Summary

html2text.php in Chuggnutt HTML to Text Converter, as used in RoundCube Webmail (roundcubemail) 0.2-1.alpha and 0.2-3.beta, Mahara, and AtMail Open 1.03, allows remote attackers to execute arbitrary code via crafted input that is processed by the preg_replace function with the eval switch.

Vulnerable Systems

Application

  • Roundcube Webmail 0.2

  • Roundcube Webmail 0.2.1

  • Roundcube Webmail 0.2.3


References

FEDORA - FEDORA-2008-11234

FEDORA - FEDORA-2008-11220

VUPEN - ADV-2008-3419

VUPEN - ADV-2008-3418

BUGTRAQ - 20081222 POC for CVE-2008-5619 (roundcubemail PHP arbitrary code injection)

MLIST - [oss-security] 20081212 CVE Request - roundcubemail

MILW0RM - 7553

MILW0RM - 7549

MISC - http://trac.roundcube.net/ticket/1485618

CONFIRM - http://trac.roundcube.net/changeset/2148

CONFIRM - http://sourceforge.net/forum/forum.php?forum_id=898542

SECUNIA - 34789

SECUNIA - 33170

SECUNIA - 33145

OSVDB - 53893

CONFIRM - http://mahara.org/interaction/forum/topic.php?id=533


Last Updated: 27 May 2016 11:09:42