ID CVE-2017-5615
Summary cgiemail and cgiecho allow remote attackers to inject HTTP headers via a newline character in the redirect location.
References
Vulnerable Configurations
  • cpe:2.3:a:cpanel:cgiemail
    cpe:2.3:a:cpanel:cgiemail
  • cpe:2.3:a:cpanel:cgiecho
    cpe:2.3:a:cpanel:cgiecho
CVSS
Base: 5.8 (as of 06-03-2017 - 13:25)
Impact:
Exploitability:
CWE CWE-601
CAPEC
  • Fake the Source of Data
    An adversary provides data under a falsified identity. The purpose of using the falsified identity may be to prevent traceability of the provided data or it might be an attempt by the adversary to assume the rights granted to another identity. One of the simplest forms of this attack would be the creation of an email message with a modified "From" field in order to appear that the message was sent from someone other than the actual sender. Results of the attack vary depending on the details of the attack, but common results include privilege escalation, obfuscation of other attacks, and data corruption/manipulation.
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL NONE
nessus via4
NASL family Debian Local Security Checks
NASL id DEBIAN_DLA-869.NASL
description The cPanel Security Team discovered several security vulnerabilities in cgiemail, a CGI program used to create HTML forms for sending mails : CVE-2017-5613 A format string injection vulnerability allowed to supply arbitrary format strings to cgiemail and cgiecho. A local attacker with permissions to provide a cgiemail template could use this vulnerability to execute code as webserver user. Format strings in cgiemail tempaltes are now restricted to simple %s, %U and %H sequences. CVE-2017-5614 An open redirect vulnerability in cgiemail and cgiecho binaries could be exploited by a local attacker to force redirect to an arbitrary URL. These redirects are now limited to the domain that handled the request. CVE-2017-5615 A vulnerability in cgiemail and cgiecho binaries allowed injection of additional HTTP headers. Newline characters are now stripped from the redirect location to protect against this. CVE-2017-5616 Missing escaping of the addendum parameter lead to a reflected cross-site (XSS) vulnerability in cgiemail and cgiecho binaries. The output is now html escaped. For Debian 7 'Wheezy', these problems have been fixed in version 1.6-37+deb7u1. We recommend that you upgrade your cgiemail packages. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen 2019-02-21
modified 2018-07-09
plugin id 97964
published 2017-03-27
reporter Tenable
source https://www.tenable.com/plugins/index.php?view=single&id=97964
title Debian DLA-869-1 : cgiemail security update
refmap via4
bid 95870
misc https://news.cpanel.com/tsr-2017-0001-full-disclosure/
mlist [oss-security] 20170128 Re: CVE request: cgiemail multiple vulnerabilities
Last major update 07-03-2017 - 08:34
Published 03-03-2017 - 10:59
Back to Top