Search...

RPMMail "MAIL FROM" Shell Metacharacter Command Execution

1999-10-04T00:00:00

ID OSVDB:6318
Type osvdb
Reporter Brock Tellier(btellier@webley.com)
Modified 1999-10-04T00:00:00

Description

Vulnerability Description

RPMMail contains a flaw that may allow a malicious user to obtain a root-shell. The issue is triggered when sending a mail with Shell metacharacters in the "MAIL FROM".

Solution Description

Upgrade to version 1.4 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds. This version of rpmmail should not be vulnerable to this attack:

ftp://reedycreek.com/reedycreek/rpmmaildemo/rpmmail-1.4.tar.gz

ftp://reedycreek.com/reedycreek/rpmmaildemo/rpmmail-1.4-2.i386.rpm

Short Description

RPMMail contains a flaw that may allow a malicious user to obtain a root-shell. The issue is triggered when sending a mail with Shell metacharacters in the "MAIL FROM".

References:

Keyword: mail,metacharachters ISS X-Force ID: 3353 CVE-1999-1542

JSON Vulners Source

Initial Source

{"type": "osvdb", "published": "1999-10-04T00:00:00", "href": "https://vulners.com/osvdb/OSVDB:6318", "bulletinFamily": "software", "cvss": {"vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/", "score": 10.0}, "viewCount": 5, "edition": 1, "reporter": "Brock Tellier(btellier@webley.com)", "title": "RPMMail \"MAIL FROM\" Shell Metacharacter Command Execution", "affectedSoftware": [{"operator": "eq", "version": "1,0-1,4", "name": "RPMMail"}], "enchantments": {"score": {"value": 6.0, "vector": "NONE", "modified": "2017-04-28T13:20:01", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-1999-1542"]}], "modified": "2017-04-28T13:20:01", "rev": 2}, "vulnersScore": 6.0}, "references": [], "id": "OSVDB:6318", "lastseen": "2017-04-28T13:20:01", "cvelist": ["CVE-1999-1542"], "modified": "1999-10-04T00:00:00", "description": "## Vulnerability Description\nRPMMail contains a flaw that may allow a malicious user to obtain a root-shell. The issue is triggered when sending a mail with Shell metacharacters in the \"MAIL FROM\". \n## Solution Description\nUpgrade to version 1.4 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\nThis version of rpmmail should not be vulnerable to this attack:\n\nftp://reedycreek.com/reedycreek/rpmmaildemo/rpmmail-1.4.tar.gz\n\nftp://reedycreek.com/reedycreek/rpmmaildemo/rpmmail-1.4-2.i386.rpm \n## Short Description\nRPMMail contains a flaw that may allow a malicious user to obtain a root-shell. The issue is triggered when sending a mail with Shell metacharacters in the \"MAIL FROM\". \n## References:\nKeyword: mail,metacharachters\nISS X-Force ID: 3353\n[CVE-1999-1542](https://vulners.com/cve/CVE-1999-1542)\n"}

{"cve": [{"lastseen": "2020-10-03T11:36:56", "description": "RPMMail before 1.4 allows remote attackers to execute commands via an e-mail message with shell metacharacters in the \"MAIL FROM\" command.", "edition": 3, "cvss3": {}, "published": "1999-10-04T04:00:00", "title": "CVE-1999-1542", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-1999-1542"], "modified": "2017-10-10T01:29:00", "cpe": ["cpe:/o:redhat:linux:6.0"], "id": "CVE-1999-1542", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-1999-1542", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:redhat:linux:6.0:*:*:*:*:*:*:*"]}]}