Select your cookie preferences

We use cookies and similar tools to enhance your experience, provide our services, deliver relevant advertising, and make improvements. Approved third parties also use these tools to help us deliver advertising and provide certain site features.

CVE-2018-19518

Public on 2018-11-25
Modified on 2019-01-12
Description

University of Washington IMAP Toolkit 2007f on UNIX, as used in imap_open() in PHP and other products, launches an rsh command (by means of the imap_rimap function in c-client/imap4r1.c and the tcp_aopen function in osdep/unix/tcp_unix.c) without preventing argument injection, which might allow remote attackers to execute arbitrary OS commands if the IMAP server name is untrusted input (e.g., entered by a user of a web application) and if rsh has been replaced by a program with different argument semantics. For example, if rsh is a link to ssh (as seen on Debian and Ubuntu systems), then the attack can use an IMAP server name containing a "-oProxyCommand" argument.

Severity
Medium
See what this means
CVSS v3 Base Score
8.1
See breakdown
Continue reading

Affected Packages

Platform Package Release Date Advisory
Amazon Linux 1 php56 2019-01-09 22:58 ALAS-2019-1147
Amazon Linux 1 php70 2019-01-09 22:58 ALAS-2019-1147
Amazon Linux 1 php71 2019-01-09 22:58 ALAS-2019-1147
Amazon Linux 1 php72 2019-01-09 22:58 ALAS-2019-1147

CVSS Scores

Score Type Score Vector
Amazon Linux CVSSv3 8.1 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
NVD CVSSv3 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
NVD CVSSv2 8.5 AV:N/AC:M/Au:S/C:C/I:C/A:C