Document SquirrelMail vulnerability
This commit is contained in:
parent
1daf3af818
commit
69eb65ecdc
Notes:
svn2git
2021-03-31 03:12:20 +00:00
svn path=/head/; revision=448569
1 changed files with 29 additions and 0 deletions
|
@ -58,6 +58,35 @@ Notes:
|
|||
* Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
|
||||
-->
|
||||
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
|
||||
<vuln vid="e1de77e8-c45e-48d7-8866-5a6f943046de">
|
||||
<topic>SquirrelMail -- post-authentication remote code execution</topic>
|
||||
<affects>
|
||||
<package>
|
||||
<name>squirrelmail</name>
|
||||
<range><lt>20170705</lt></range>
|
||||
</package>
|
||||
</affects>
|
||||
<description>
|
||||
<body xmlns="http://www.w3.org/1999/xhtml">
|
||||
<p>SquirrelMail developers report:</p>
|
||||
<blockquote cite="http://seclists.org/fulldisclosure/2017/Apr/81">
|
||||
<p>SquirrelMail 1.4.22 (and other versions before 20170427_0200-SVN)
|
||||
allows post-authentication remote code execution via a sendmail.cf
|
||||
file that is mishandled in a popen call. It's possible to exploit this
|
||||
vulnerability to execute arbitrary shell commands on the remote
|
||||
server.</p>
|
||||
</blockquote>
|
||||
</body>
|
||||
</description>
|
||||
<references>
|
||||
<url>https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7692</url>
|
||||
</references>
|
||||
<dates>
|
||||
<discovery>2017-04-19</discovery>
|
||||
<entry>2017-08-22</entry>
|
||||
</dates>
|
||||
</vuln>
|
||||
|
||||
<vuln vid="6876b163-8708-11e7-8568-e8e0b747a45a">
|
||||
<topic>pspp -- multiple vulnerabilities</topic>
|
||||
<affects>
|
||||
|
|
Loading…
Reference in a new issue