1. CVE-Search
  2. CVE-2007-2173
ID CVE-2007-2173
Summary Eval injection vulnerability in (1) courier-imapd.indirect and (2) courier-pop3d.indirect in Courier-IMAP before 4.0.6-r2, and 4.1.x before 4.1.2-r1, on Gentoo Linux allows remote attackers to execute arbitrary commands via the XMAILDIR variable, related to the LOGINRUN variable.
References
Vulnerable Configurations
  • cpe:2.3:o:gentoo:linux:*:*:*:*:*:*:*:*
    cpe:2.3:o:gentoo:linux:*:*:*:*:*:*:*:*
  • cpe:2.3:a:double_precision_incorporated:courier-imap:4.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:double_precision_incorporated:courier-imap:4.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:double_precision_incorporated:courier-imap:4.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:double_precision_incorporated:courier-imap:4.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:double_precision_incorporated:courier-imap:4.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:double_precision_incorporated:courier-imap:4.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:double_precision_incorporated:courier-imap:4.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:double_precision_incorporated:courier-imap:4.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:double_precision_incorporated:courier-imap:4.0.4:*:*:*:*:*:*:*
    cpe:2.3:a:double_precision_incorporated:courier-imap:4.0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:double_precision_incorporated:courier-imap:4.0.5:*:*:*:*:*:*:*
    cpe:2.3:a:double_precision_incorporated:courier-imap:4.0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:double_precision_incorporated:courier-imap:4.1.0:*:*:*:*:*:*:*
    cpe:2.3:a:double_precision_incorporated:courier-imap:4.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:double_precision_incorporated:courier-imap:4.1.1:*:*:*:*:*:*:*
    cpe:2.3:a:double_precision_incorporated:courier-imap:4.1.1:*:*:*:*:*:*:*
CVSS
Base: 10.0 (as of 29-07-2017 - 01:31)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:N/AC:L/Au:N/C:C/I:C/A:C
refmap via4
bid 23589
confirm http://bugs.gentoo.org/show_bug.cgi?id=168196
gentoo GLSA-200704-18
osvdb 35274
secunia 24963
xf gentoo-courier-imap-command-execution(33805)
Last major update 29-07-2017 - 01:31
Published 24-04-2007 - 16:19
Last modified 29-07-2017 - 01:31
Back to Top