2 matches found
cgiemail and cgiecho Multiple Security Vulnerabilities (CVE-2017-5613)
SEC-212 Format string injection The ability to supply arbitrary format strings to cgiemail and cgiecho allowed code execution whenever a user was able to provide a cgiemail template file. Use CVE-2017-5613. SEC-214 Open redirect The cgiemail and cgiecho binaries served as an open redirect due to...
CVE-2017-5613
CVE-2017-5613 affects the cgiemail and cgiecho CGI programs. A format-string vulnerability in template handling allows a local attacker with template-file access to execute code as the webserver user. Debian fixed this in package cgiemail 1.6-37+deb7u1 (DLA-869-1) by restricting format strings to...