Source: uw-imap Version: 8:2007f~dfsg-5 Severity: important Tags: security upstream
Hi, The following vulnerability was published for uw-imap. CVE-2018-19518[0]: | University of Washington IMAP Toolkit 2007f on UNIX, as used in | imap_open() in PHP and other products, launches an rsh command (by | means of the imap_rimap function in c-client/imap4r1.c and the | tcp_aopen function in osdep/unix/tcp_unix.c) without preventing | argument injection, which might allow remote attackers to execute | arbitrary OS commands if the IMAP server name is untrusted input (e.g., | entered by a user of a web application) and if rsh has been replaced by | a program with different argument semantics. For example, if rsh is a | link to ssh (as seen on Debian and Ubuntu systems), then the attack can | use an IMAP server name containing a "-oProxyCommand" argument. This was originally filled for PHP (cf. #913775 and cloned bugs), but the issue could possibly be fixed within osdep/unix/tcp_unix.c in the IMAP Toolkit code. See the security-tracker page for further references. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2018-19518 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19518 Regards, Salvatore
