| Field | Value |
|---|---|
| VID | 21446 |
| Severity | 40 |
| Port | 80, ... |
| Protocol | TCP |
| Class | CGI |
| Detailed Description | The Open WebMail system contains a remote command execution vulnerability in the userstat.pl script. Open WebMail is an open-source Web mail system based on Neomail version 1.14 by Ernie Miller, written in Perl for Unix-based operating systems. Open WebMail versions 2.30 and earlier could allow a remote attacker to execute arbitrary commands with the web server's privileges by exploiting an unfiltered parameter in userstat.pl. The script does not properly filter shell characters out of the loginname parameter. By adding a ";", "|" or "( )" followed by a shell command to a GET, HEAD or POST request, a remote attacker can execute arbitrary system commands as an unprivileged user. |
| References | http://www.openwebmail.org/openwebmail/download/cert/advisories/SA-04:01.txt ; http://www.osvdb.org/4201 ; http://secunia.com/advisories/11091/ ; http://beyonce.beyondsecurity.com/unixfocus/5XP0G0ACUC.html |
| Platforms Affected | Open WebMail 2.30 and earlier; Linux (any version); Unix (any version) |
| Recommendation | Upgrade to the latest version of Open WebMail (current-2.41 dated 04-Jan-2005 or later), available from the Open WebMail Download Web site at http://openwebmail.org/openwebmail/download/current/ |
| Related URL | (CVE) |
| Related URL | 10316 (SecurityFocus) |
| Related URL | 15444 (ISS) |
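A defender-side check for the issue described above, added here as an example and not part of this advisory or of Open WebMail itself: it scans web-server access-log lines for requests to userstat.pl whose loginname parameter carries the shell metacharacters the description names. The log lines, hosts and paths are constructed for the example.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Shell metacharacters named in the advisory: ";", "|" and "( )".
SHELL_META = re.compile(r"[;|()]")

# Constructed Common Log Format lines (hypothetical hosts and paths).
SAMPLE_LOG = """\
203.0.113.5 - - [10/Mar/2004:12:00:01 +0000] "GET /cgi-bin/openwebmail/userstat.pl?loginname=alice HTTP/1.1" 200 512
203.0.113.7 - - [10/Mar/2004:12:00:02 +0000] "HEAD /cgi-bin/openwebmail/userstat.pl?loginname=alice%3Bcmd HTTP/1.1" 200 44
203.0.113.9 - - [10/Mar/2004:12:00:03 +0000] "GET /cgi-bin/openwebmail/openwebmail.pl?loginname=bob%7Ccmd HTTP/1.1" 200 300
"""

REQUEST_RE = re.compile(r'"([A-Z]+) (\S+) HTTP/\d\.\d"')


def loginname_values(line):
    """Return the decoded loginname values of a request to userstat.pl, or [] otherwise.

    Only GET/HEAD query strings are visible in an access log; a POST body
    carrying the same parameter needs a proxy or WAF that logs request bodies.
    """
    m = REQUEST_RE.search(line)
    if not m:
        return []
    target = urlsplit(m.group(2))
    if not target.path.endswith("/userstat.pl"):
        return []
    # parse_qs percent-decodes, so %3B becomes ";" before the check runs.
    return parse_qs(target.query, keep_blank_values=True).get("loginname", [])


def is_suspicious(line):
    """True when a userstat.pl request carries shell metacharacters in loginname."""
    return any(SHELL_META.search(v) for v in loginname_values(line))


def scan(log_text):
    """Return the suspicious lines from a block of access-log text."""
    return [line for line in log_text.splitlines() if is_suspicious(line)]


if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print("suspicious:", hit)
```

The path filter keeps the check tied to the vulnerable script; widen it only if other scripts on the host are known to pass loginname to a shell.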