Debian LTS: Security Advisory for cgiemail (DLA-869-1)
Published: 2018-01-12T00:00:00
ID: OPENVAS:1361412562310890869
Type: openvas
Reporter: Copyright (C) 2018 Greenbone Networks GmbH http://greenbone.net
Modified: 2020-01-29T00:00:00

Description
The cPanel Security Team discovered several security vulnerabilities in
cgiemail, a CGI program used to create HTML forms for sending mail:

CVE-2017-5613
A format string injection vulnerability allowed arbitrary format
strings to be supplied to cgiemail and cgiecho. A local attacker with
permission to provide a cgiemail template could use this
vulnerability to execute code as the web server user.
Format strings in cgiemail templates are now restricted to simple
%s, %U and %H sequences.

CVE-2017-5614
An open redirect vulnerability in the cgiemail and cgiecho binaries
could be exploited by a local attacker to force a redirect to an
arbitrary URL. These redirects are now limited to the domain that
handled the request.

CVE-2017-5615
A vulnerability in the cgiemail and cgiecho binaries allowed injection
of additional HTTP headers. Newline characters are now stripped
from the redirect location to protect against this.

CVE-2017-5616
Missing escaping of the addendum parameter led to a reflected
cross-site scripting (XSS) vulnerability in the cgiemail and cgiecho
binaries. The output is now HTML-escaped.

# Copyright (C) 2018 Greenbone Networks GmbH
# Text descriptions are largely excerpted from the referenced
# advisory, and are Copyright (C) of the respective author(s)
#
# SPDX-License-Identifier: GPL-2.0-or-later
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.

# Plugin metadata; this block only runs when the scanner collects plugin descriptions.
if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.890869");
  script_version("2020-01-29T08:22:52+0000");
  script_cve_id("CVE-2017-5613", "CVE-2017-5614", "CVE-2017-5615", "CVE-2017-5616");
  script_name("Debian LTS: Security Advisory for cgiemail (DLA-869-1)");
  script_tag(name:"last_modification", value:"2020-01-29 08:22:52 +0000 (Wed, 29 Jan 2020)");
  script_tag(name:"creation_date", value:"2018-01-12 00:00:00 +0100 (Fri, 12 Jan 2018)");
  script_tag(name:"cvss_base", value:"6.8");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:P/I:P/A:P");
  script_tag(name:"solution_type", value:"VendorFix");
  script_tag(name:"qod_type", value:"package");

  script_xref(name:"URL", value:"https://lists.debian.org/debian-lts-announce/2017/03/msg00026.html");

  script_category(ACT_GATHER_INFO);

  script_copyright("Copyright (C) 2018 Greenbone Networks GmbH http://greenbone.net");
  script_family("Debian Local Security Checks");
  script_dependencies("gather-package-list.nasl");
  # Local check: requires an SSH login on a Debian 7 host and a collected package list.
  script_mandatory_keys("ssh/login/debian_linux", "ssh/login/packages", re:"ssh/login/release=DEB7");

  script_tag(name:"affected", value:"cgiemail on Debian Linux");

  script_tag(name:"solution", value:"For Debian 7 'Wheezy', these problems have been fixed in version
1.6-37+deb7u1.

We recommend that you upgrade your cgiemail packages.");

  script_tag(name:"summary", value:"The cPanel Security Team discovered several security vulnerabilities in
cgiemail, a CGI program used to create HTML forms for sending mails:

CVE-2017-5613

A format string injection vulnerability allowed to supply arbitrary
format strings to cgiemail and cgiecho. A local attacker with
permissions to provide a cgiemail template could use this
vulnerability to execute code as webserver user.
Format strings in cgiemail templates are now restricted to simple
%s, %U and %H sequences.

CVE-2017-5614

An open redirect vulnerability in cgiemail and cgiecho binaries
could be exploited by a local attacker to force redirect to an
arbitrary URL. These redirects are now limited to the domain that
handled the request.

CVE-2017-5615

A vulnerability in cgiemail and cgiecho binaries allowed injection
of additional HTTP headers. Newline characters are now stripped
from the redirect location to protect against this.

CVE-2017-5616

Missing escaping of the addendum parameter lead to a reflected
cross-site (XSS) vulnerability in cgiemail and cgiecho binaries.
The output is now html escaped.");

  script_tag(name:"vuldetect", value:"This check tests the installed software version using the apt package manager.");

  exit(0);
}

include("revisions-lib.inc");
include("pkg-lib-deb.inc");

res = "";
report = "";

# isdpkgvuln() returns report text when the installed cgiemail package on
# Debian 7 is older than the fixed version 1.6-37+deb7u1.
if(!isnull(res = isdpkgvuln(pkg:"cgiemail", ver:"1.6-37+deb7u1", rls:"DEB7"))) {
  report += res;
}

if(report != "") {
  security_message(data:report);
} else if(__pkg_match) {
  # The package was found but is not older than the fixed version.
  exit(99);
}