Description
University of Washington IMAP Toolkit 2007f on UNIX, as used in imap_open()
in PHP and other products, launches an rsh command (by means of the
imap_rimap function in c-client/imap4r1.c and the tcp_aopen function in
osdep/unix/tcp_unix.c) without preventing argument injection, which might
allow remote attackers to execute arbitrary OS commands if the IMAP server
name is untrusted input (e.g., entered by a user of a web application) and
if rsh has been replaced by a program with different argument semantics.
For example, if rsh is a link to ssh (as seen on Debian and Ubuntu
systems), then the attack can use an IMAP server name containing a
"-oProxyCommand" argument.
Notes
mdeslaur> php5 in precise and trusty doesn't build imap, it is in a
mdeslaur> separate php-imap source package.
msalvatore> uw-imap has been defunct since 2008.
Package
Upstream: | needs-triage
Ubuntu 12.04 ESM (Precise Pangolin): | DNE
Ubuntu 14.04 LTS (Trusty Tahr): | released (5.4.6-0ubuntu5.1)
Ubuntu 16.04 LTS (Xenial Xerus): | DNE
Ubuntu 18.04 LTS (Bionic Beaver): | DNE
Ubuntu 18.10 (Cosmic Cuttlefish): | DNE
Ubuntu 19.04 (Disco Dingo): | DNE
Package
Upstream: | needs-triage
Ubuntu 12.04 ESM (Precise Pangolin): | not-affected (code not present)
Ubuntu 14.04 LTS (Trusty Tahr): | not-affected (code not present)
Ubuntu 16.04 LTS (Xenial Xerus): | DNE
Ubuntu 18.04 LTS (Bionic Beaver): | DNE
Ubuntu 18.10 (Cosmic Cuttlefish): | DNE
Ubuntu 19.04 (Disco Dingo): | DNE
Package
Upstream: | released (7.0.33)
Ubuntu 12.04 ESM (Precise Pangolin): | DNE
Ubuntu 14.04 LTS (Trusty Tahr): | DNE
Ubuntu 16.04 LTS (Xenial Xerus): | released (7.0.33-0ubuntu0.16.04.1)
Ubuntu 18.04 LTS (Bionic Beaver): | DNE
Ubuntu 18.10 (Cosmic Cuttlefish): | DNE
Ubuntu 19.04 (Disco Dingo): | DNE
Package
Upstream: | released (7.3.0)
Ubuntu 12.04 ESM (Precise Pangolin): | DNE
Ubuntu 14.04 LTS (Trusty Tahr): | DNE
Ubuntu 16.04 LTS (Xenial Xerus): | DNE
Ubuntu 18.04 LTS (Bionic Beaver): | DNE
Ubuntu 18.10 (Cosmic Cuttlefish): | DNE
Ubuntu 19.04 (Disco Dingo): | not-affected (7.3.0-2)
Patches:
Updated: 2019-02-12 20:14:31 UTC (commit 9d30be97cb55abed5979e1371c86c51efd76f72b)