EUVD-2007-2168

Malware in sbrugna...

GLSA-200704-18 : Courier-IMAP: Remote execution of arbitrary code

The remote host is affected by the vulnerability described in GLSA-200704-18 Courier-IMAP: Remote execution of arbitrary code CJ Kucera has discovered that some Courier-IMAP scripts don't properly handle the XMAILDIR variable, allowing for shell command injection. Impact : A remote attacker could...

Design/Logic Flaw

Eval injection vulnerability in 1 courier-imapd.indirect and 2 courier-pop3d.indirect in Courier-IMAP before 4.0.6-r2, and 4.1.x before 4.1.2-r1, on Gentoo Linux allows remote attackers to execute arbitrary commands via the XMAILDIR variable, related to the LOGINRUN variable...

CVE-2007-2173

Eval injection vulnerability in 1 courier-imapd.indirect and 2 courier-pop3d.indirect in Courier-IMAP before 4.0.6-r2, and 4.1.x before 4.1.2-r1, on Gentoo Linux allows remote attackers to execute arbitrary commands via the XMAILDIR variable, related to the LOGINRUN variable...

Courier-IMAP shell characters problem

Invalid usage of XMAILDIR environment variable controlled by attacker thorugh logon request in the scripts courier-imapd.indirect and courier-pop3d.indirect...