| VID | 21574 |
| Severity | 40 |
| Port | 80, ... |
| Protocol | TCP |
| Class | CGI |
| Detailed Description | According to its version number, the Open WebMail installation has a remote shell command execution vulnerability. Open WebMail is an open-source Web mail system based on Neomail version 1.14 by Ernie Miller, written in Perl for Unix-based operating systems. Open WebMail versions prior to 2.51-20050430 could allow a remote attacker to execute arbitrary shell commands because certain user-supplied parameters are passed to a Perl open() function call without proper validation. A remote authenticated attacker could send specially crafted parameter values to execute operating system commands on the affected system. Note: This check relies solely on the version number of the Open WebMail installation on the remote Web server to assess this vulnerability, so it might be a false positive. References: http://www.securitytracker.com/alerts/2005/May/1013859.html Platforms Affected: Open WebMail Project: Open WebMail versions prior to 2.51-20050430; Linux: any version; Unix: any version |
| Recommendation | This issue has been addressed in releases of Open WebMail dated after Apr 30, 2005. Upgrade to the latest version of Open WebMail (2.51-20050430 or later), available from the Open WebMail download page at http://openwebmail.org/openwebmail/download/ |
| Related URL | CVE-2005-1435 (CVE) |
| Related URL | 13472 (SecurityFocus) |
| Related URL | 20356 (ISS) |
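
The root cause named in the description, user-supplied values reaching a Perl open() call without validation, shown as an added example; it is not Open WebMail code or its actual patch. The helper name `open_user_file`, the allowlist and the sample values are assumptions for illustration, since the page does not say which parameters or which form of open() were involved.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use File::Temp qw(tempdir);
use File::Spec;

# Unsafe pattern (shown for contrast only, never executed here):
#     open(FH, $param);
# Two-argument open() reads the mode out of the string itself, so a leading
# or trailing "|" makes Perl treat the "file name" as a command to run.

# Hardened opener (hypothetical helper): allowlist the name, then use
# three-argument open() with an explicit read mode so the value is only
# ever interpreted as a path.
sub open_user_file {
    my ($base_dir, $name) = @_;
    return (undef, 'missing name') unless defined $name && length $name;
    # Letters, digits, dot, underscore, hyphen; no separators or shell metacharacters.
    return (undef, 'illegal characters') unless $name =~ /\A[A-Za-z0-9._-]+\z/;
    return (undef, 'dot-only name') if $name =~ /\A\.+\z/;
    my $path = File::Spec->catfile($base_dir, $name);
    open(my $fh, '<', $path) or return (undef, "open failed: $!");
    return ($fh, undef);
}

# Constructed sample data: a scratch directory holding one legitimate file.
my $dir = tempdir(CLEANUP => 1);
open(my $out, '>', File::Spec->catfile($dir, 'signature.txt')) or die "setup: $!";
print {$out} "Regards\n";
close($out) or die "setup: $!";

# Constructed parameter values: one benign, the rest malformed.
for my $param ('signature.txt', 'some-command |', '| some-command',
               '../signature.txt', '>signature.txt', '..') {
    my ($fh, $err) = open_user_file($dir, $param);
    if ($fh) {
        my $first = <$fh>;
        chomp $first;
        close($fh);
        printf "%-20s accepted, first line: %s\n", "'$param'", $first;
    } else {
        printf "%-20s rejected (%s)\n", "'$param'", $err;
    }
}
```

Only `signature.txt` is accepted; every other value is rejected by the allowlist before open() is reached.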