RPMMail "MAIL FROM" Shell Metacharacter Command Execution

1999-10-04T00:00:00
ID OSVDB:6318
Type osvdb
Reporter Brock Tellier (btellier@webley.com)
Modified 1999-10-04T00:00:00

Description

Vulnerability Description

RPMMail contains a flaw that may allow a malicious user to obtain a root shell. The issue is triggered when sending a mail with shell metacharacters in the "MAIL FROM" field.
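The following is an added defensive example, not RPMMail code and not part of the original advisory. The advisory does not say how RPMMail processes the address, so the example assumes the general case of a mail handler that passes the "MAIL FROM" value to an external program; the function names `parse_mail_from` and `run_helper` and all sample inputs are constructed for illustration.

```python
import re
import subprocess
import sys

# Allowlist for the reverse-path, deliberately stricter than RFC 5321:
# only characters with no meaning to a shell, and no leading '-' so the
# value cannot be read as a command-line option by the helper.
_ADDR = re.compile(
    r"[A-Za-z0-9][A-Za-z0-9._+=-]{0,63}@[A-Za-z0-9-]{1,63}(?:\.[A-Za-z0-9-]{1,63})*"
)
# "MAIL FROM:<path>" followed by optional ESMTP parameters such as SIZE=1024.
_MAIL_FROM = re.compile(r"MAIL FROM:\s*<([^<>\r\n]*)>(?:\s+\S+)*\s*", re.IGNORECASE)


def parse_mail_from(line):
    """Return the sender from an SMTP MAIL FROM line, "" for the null
    reverse-path <>, or None when the line must be rejected."""
    m = _MAIL_FROM.fullmatch(line.strip())
    if m is None:
        return None
    addr = m.group(1)
    if addr == "":
        return ""  # null sender, used for bounce messages
    return addr if _ADDR.fullmatch(addr) else None


def run_helper(sender, helper=None):
    """Pass the sender to a helper program as a single argv element.
    No shell is involved, so metacharacters are never interpreted.
    The default helper is a stand-in that echoes its argument back."""
    argv = helper or [sys.executable, "-c", "import sys; print(sys.argv[1])"]
    done = subprocess.run(argv + [sender], capture_output=True, text=True, check=True)
    return done.stdout.rstrip("\n")


if __name__ == "__main__":
    # Constructed sample lines, not taken from any real session.
    samples = [
        "MAIL FROM:<alice@example.com>",
        "mail from:<alice@example.com> SIZE=1024",
        "MAIL FROM:<>",
        "MAIL FROM:<alice@example.com;id>",
        "MAIL FROM:<-f@example.com>",
    ]
    for line in samples:
        sender = parse_mail_from(line)
        verdict = "reject" if sender is None else "accept " + repr(sender)
        print(f"{line!r:45} -> {verdict}")
```

The two controls are independent: the allowlist rejects hostile input early, and the argv-based call keeps any value that does get through from being parsed as shell syntax.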

Solution Description

Upgrade to version 1.4 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds. This version of rpmmail should not be vulnerable to this attack:

ftp://reedycreek.com/reedycreek/rpmmaildemo/rpmmail-1.4.tar.gz

ftp://reedycreek.com/reedycreek/rpmmaildemo/rpmmail-1.4-2.i386.rpm


References:

Keyword: mail, metacharacters

ISS X-Force ID: 3353

CVE-1999-1542