php7.0 is vulnerable to remote code execution (RCE). University of Washington IMAP Toolkit 2007f on UNIX, as used in imap_open() in PHP and other products, launches an rsh command (by means of the imap_rimap function in c-client/imap4r1.c and the tcp_aopen function in osdep/unix/tcp_unix.c) without preventing argument injection, which might allow remote attackers to execute arbitrary OS commands if the IMAP server name is untrusted input (e.g., entered by a user of a web application) and if rsh has been replaced by a program with different argument semantics. For example, if rsh is a link to ssh (as seen on Debian and Ubuntu systems), then the attack can use an IMAP server name containing a “-oProxyCommand” argument.

References

www.securityfocus.com/bid/106018

www.securitytracker.com/id/1042157

antichat.com/threads/463395/#post-4254681

bugs.debian.org/913775

bugs.debian.org/913835

bugs.debian.org/913836

bugs.php.net/bug.php?id=76428

bugs.php.net/bug.php?id=77153

bugs.php.net/bug.php?id=77160

git.php.net/?p=php-src.git;a=commit;h=e5bfea64c81ae34816479bb05d17cdffe45adddb

github.com/Bo0oM/PHP_imap_open_exploit/blob/master/exploit.php

lists.debian.org/debian-lts-announce/2018/12/msg00006.html

lists.debian.org/debian-lts-announce/2019/03/msg00001.html

lists.debian.org/debian-lts-announce/2021/12/msg00031.html

security.gentoo.org/glsa/202003-57

security.netapp.com/advisory/ntap-20181221-0004/

usn.ubuntu.com/4160-1/

www.debian.org/security/2018/dsa-4353

www.exploit-db.com/exploits/45914/

www.openwall.com/lists/oss-security/2018/11/22/3

prion 1

openvas 17

osv 5

debian 4

attackerkb 1

nessus 30

suse 2

debiancve 1

wallarmlab 1

cve 2

alpinelinux 1

cvelist 1

ibm 2

ubuntucve 1

redhatcve 1

checkpoint_advisories 1

mageia 1

nvd 2

ubuntu 1

exploitdb 1

f5 1

fedora 2

amazon 1

metasploit 1

gentoo 1

prion

Input validation

2018-11-25 10:29:00

openvas

SUSE: Security Advisory (SUSE-SU-2018:3988-1)

2021-06-09 00:00:00

openSUSE: Security Advisory for Recommended (openSUSE-SU-2018:4038-1)

2018-12-10 00:00:00

Mageia: Security Advisory (MGASA-2018-0484)

2022-01-28 00:00:00

osv

uw-imap - security update

2021-12-29 00:00:00

CVE-2018-19518

2018-11-25 10:29:00

uw-imap - security update

2019-03-01 00:00:00

debian

[SECURITY] [DLA 2866-1] uw-imap security update

2021-12-29 17:12:17

[SECURITY] [DLA 1700-1] uw-imap security update

2019-03-01 13:26:16

[SECURITY] [DLA 1608-1] php5 security update

2018-12-17 01:56:08

attackerkb

CVE-2018-19518

2018-11-25 00:00:00

nessus

Debian DLA-2866-1 : uw-imap - LTS security update

2021-12-30 00:00:00

openSUSE Security Update : php5 (openSUSE-2018-1506)

2018-12-11 00:00:00

SUSE SLES12 Security Update : Recommended update for php7 (SUSE-SU-2018:3988-1)

2019-01-02 00:00:00

suse

Recommended update for php5 (moderate)

2018-12-08 00:19:13

Recommended update for php7 (moderate)

2018-12-08 00:11:09

debiancve

CVE-2018-19518

2018-11-25 10:29:00

wallarmlab

RCE in PHP or how to bypass disable_functions in PHP installations

2018-12-06 17:32:24

cve

CVE-2018-19518

2018-11-25 10:29:00

CVE-2018-1000859

2022-10-03 16:21:59

alpinelinux

CVE-2018-19518

2018-11-25 10:29:00

cvelist

CVE-2018-19518

2018-11-25 10:00:00

ibm

Security Bulletin: IBM Flex System Chassis Management Module (CMM) is affected by vulnerability in PHP.

2023-12-07 22:45:07

Security Bulletin: IBM BladeCenter Advanced Management Module (AMM) is affected by vulnerability in PHP (CVE-2018-19518)

2020-01-08 21:42:21

ubuntucve

CVE-2018-19518

2018-11-25 00:00:00

redhatcve

CVE-2018-19518

2018-11-28 10:19:59

checkpoint_advisories

PHP IMAP imap_open Command Injection (CVE-2018-19518)

2022-11-17 00:00:00

mageia

Updated php packages fix security vulnerability

2018-12-20 23:17:27

nvd

CVE-2018-19518

2018-11-25 10:29:00

CVE-2018-1000859

2018-12-06 17:15:08

ubuntu

UW IMAP vulnerability

2019-10-21 00:00:00

exploitdb

PHP imap_open - Remote Code Execution (Metasploit)

2018-11-29 00:00:00

K03544225 : PHP vulnerabilities CVE-2018-19518 and CVE-2018-19935

2019-01-08 00:00:00

fedora

[SECURITY] Fedora 29 Update: php-7.2.13-2.fc29

2018-12-17 19:12:53

[SECURITY] Fedora 28 Update: php-7.2.13-2.fc28

2018-12-17 02:28:09

amazon

Medium: php56, php70, php71, php72

2019-01-09 22:58:00

metasploit

php imap_open Remote Code Execution

2018-11-19 02:28:19

gentoo

PHP: Multiple vulnerabilities

2020-03-26 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

EPSS

0.969

Percentile

99.7%

JSON

Related for VERACODE:26909