Lucene search

[email protected]CVE-2006-5449

HistoryOct 23, 2006 - 5:07 p.m.

CVE-2006-5449

2006-10-2317:07:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2006-5449

procmail

ingo h3

remote authenticated users

arbitrary commands

shell metacharacters

mailbox destination

6.9 Medium

AI Score

Confidence

Low

6.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

0.006 Low

EPSS

Percentile

77.9%

JSON

procmail in Ingo H3 before 1.1.2 Horde module allows remote authenticated users to execute arbitrary commands via shell metacharacters in the mailbox destination of a filter rule.

CPENameOperatorVersion
horde:ingo_h3horde ingo h3le1.1.1

CPE	Name	Operator	Version
horde:ingo_h3	horde ingo h3	le	1.1.1

References

bugs.horde.org/ticket/?Horde=6ed1a009f3396864553976a45948339e&id=4513

lists.horde.org/archives/announce/2006/000296.html

secunia.com/advisories/22482

secunia.com/advisories/22656

secunia.com/advisories/23100

www.debian.org/security/2006/dsa-1204

www.gentoo.org/security/en/glsa/glsa-200611-22.xml

www.securityfocus.com/bid/20637

www.vupen.com/english/advisories/2006/4124

6.9 Medium

AI Score

Confidence

Low

6.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

0.006 Low

EPSS

Percentile

77.9%

JSON

Related for CVE-2006-5449

openvas6 nessus4 gentoo1 osv1 freebsd1 debian1 securityvulns1 ubuntucve1