Lucene search

MitreCVE-2006-5449

HistoryOct 23, 2006 - 5:07 p.m.

CVE-2006-5449

2006-10-2317:07:00

mitre

web.nvd.nist.gov

cve-2006-5449

procmail

ingo h3

remote authenticated users

arbitrary commands

shell metacharacters

mailbox destination

CVSS2

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

AI Score

6.9

Confidence

Low

EPSS

0.006

Percentile

78.2%

JSON

procmail in Ingo H3 before 1.1.2 Horde module allows remote authenticated users to execute arbitrary commands via shell metacharacters in the mailbox destination of a filter rule.

Affected configurations

Nvd

Node

hordeingo_h3Range≤1.1.1

VendorProductVersionCPE
hordeingo_h3*cpe:2.3:a:horde:ingo_h3:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
horde	ingo_h3	*	cpe:2.3:a:horde:ingo_h3::::::::

References

bugs.horde.org/ticket/?Horde=6ed1a009f3396864553976a45948339e&id=4513

lists.horde.org/archives/announce/2006/000296.html

secunia.com/advisories/22482

secunia.com/advisories/22656

secunia.com/advisories/23100

www.debian.org/security/2006/dsa-1204

www.gentoo.org/security/en/glsa/glsa-200611-22.xml

www.securityfocus.com/bid/20637

www.vupen.com/english/advisories/2006/4124

CVSS2

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

AI Score

6.9

Confidence

Low

EPSS

0.006

Percentile

78.2%

JSON

Related for CVE-2006-5449