CVE-2007-2173 - OpenCVE

Eval injection vulnerability in (1) courier-imapd.indirect and (2) courier-pop3d.indirect in Courier-IMAP before 4.0.6-r2, and 4.1.x before 4.1.2-r1, on Gentoo Linux allows remote attackers to execute arbitrary commands via the XMAILDIR variable, related to the LOGINRUN variable.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:L/Au:N/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Double Precision Incorporated	Courier-imap
Gentoo	Linux

Configuration 1 [-]

AND

cpe:2.3:o:gentoo:linux:*:*:*:*:*:*:*:*

OR	cpe:2.3:a:double_precision_incorporated:courier-imap:4.0.0:::::::*
	cpe:2.3:a:double_precision_incorporated:courier-imap:4.0.1:::::::*
	cpe:2.3:a:double_precision_incorporated:courier-imap:4.0.2:::::::*
	cpe:2.3:a:double_precision_incorporated:courier-imap:4.0.3:::::::*
	cpe:2.3:a:double_precision_incorporated:courier-imap:4.0.4:::::::*
	cpe:2.3:a:double_precision_incorporated:courier-imap:4.0.5:::::::*
	cpe:2.3:a:double_precision_incorporated:courier-imap:4.1.0:::::::*
	cpe:2.3:a:double_precision_incorporated:courier-imap:4.1.1:::::::*

No data.

References

Link	Providers
http://bugs.gentoo.org/show_bug.cgi?id=168196
http://osvdb.org/35274
http://secunia.com/advisories/24963
http://security.gentoo.org/glsa/glsa-200704-18.xml
http://www.securityfocus.com/bid/23589
https://exchange.xforce.ibmcloud.com/vulnerabilities/33805

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2007-04-24T16:00:00

Updated: 2024-08-07T13:23:51.016Z

Reserved: 2007-04-24T00:00:00

Link: CVE-2007-2173

Vulnrichment

No data.

NVD

Status : Modified

Published: 2007-04-24T16:19:00.000

Modified: 2017-07-29T01:31:16.127

Link: CVE-2007-2173

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-02-23T00:00:00", "descriptions": [{"lang": "en", "value": "Eval injection vulnerability in (1) courier-imapd.indirect and (2) courier-pop3d.indirect in Courier-IMAP before 4.0.6-r2, and 4.1.x before 4.1.2-r1, on Gentoo Linux allows remote attackers to execute arbitrary commands via the XMAILDIR variable, related to the LOGINRUN variable."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "gentoo-courier-imap-command-execution(33805)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33805"}, {"name": "GLSA-200704-18", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "http://security.gentoo.org/glsa/glsa-200704-18.xml"}, {"name": "23589", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/23589"}, {"name": "35274", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/35274"}, {"name": "24963", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/24963"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://bugs.gentoo.org/show_bug.cgi?id=168196"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-2173", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Eval injection vulnerability in (1) courier-imapd.indirect and (2) courier-pop3d.indirect in Courier-IMAP before 4.0.6-r2, and 4.1.x before 4.1.2-r1, on Gentoo Linux allows remote attackers to execute arbitrary commands via the XMAILDIR variable, related to the LOGINRUN variable."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "gentoo-courier-imap-command-execution(33805)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33805"}, {"name": "GLSA-200704-18", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-200704-18.xml"}, {"name": "23589", "refsource": "BID", "url": "http://www.securityfocus.com/bid/23589"}, {"name": "35274", "refsource": "OSVDB", "url": "http://osvdb.org/35274"}, {"name": "24963", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/24963"}, {"name": "http://bugs.gentoo.org/show_bug.cgi?id=168196", "refsource": "CONFIRM", "url": "http://bugs.gentoo.org/show_bug.cgi?id=168196"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T13:23:51.016Z"}, "title": "CVE Program Container", "references": [{"name": "gentoo-courier-imap-command-execution(33805)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33805"}, {"name": "GLSA-200704-18", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "http://security.gentoo.org/glsa/glsa-200704-18.xml"}, {"name": "23589", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/23589"}, {"name": "35274", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/35274"}, {"name": "24963", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/24963"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://bugs.gentoo.org/show_bug.cgi?id=168196"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-2173", "datePublished": "2007-04-24T16:00:00", "dateReserved": "2007-04-24T00:00:00", "dateUpdated": "2024-08-07T13:23:51.016Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:gentoo:linux:*:*:*:*:*:*:*:*", "matchCriteriaId": "647BA336-5538-4972-9271-383A0EC9378E", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:double_precision_incorporated:courier-imap:4.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "D299A35C-8F6B-44CE-BBCB-D2443FED6202", "vulnerable": true}, {"criteria": "cpe:2.3:a:double_precision_incorporated:courier-imap:4.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "F0F0DD12-16EA-4D64-B51E-A9F256446F60", "vulnerable": true}, {"criteria": "cpe:2.3:a:double_precision_incorporated:courier-imap:4.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "B2A338D1-2ECC-4DDE-9C15-89D183067124", "vulnerable": true}, {"criteria": "cpe:2.3:a:double_precision_incorporated:courier-imap:4.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "F7EBC12E-2258-4054-B906-D589EE89DDBA", "vulnerable": true}, {"criteria": "cpe:2.3:a:double_precision_incorporated:courier-imap:4.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "7002E0AC-90B7-4155-8380-243323ED5961", "vulnerable": true}, {"criteria": "cpe:2.3:a:double_precision_incorporated:courier-imap:4.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "5B0A48D7-371A-4F77-B06B-E9569A53E08C", "vulnerable": true}, {"criteria": "cpe:2.3:a:double_precision_incorporated:courier-imap:4.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "A03DC584-F9C2-45D1-96A6-48E19608BEE4", "vulnerable": true}, {"criteria": "cpe:2.3:a:double_precision_incorporated:courier-imap:4.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "8EB119A1-5581-482D-8153-8FE7FB060A31", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Eval injection vulnerability in (1) courier-imapd.indirect and (2) courier-pop3d.indirect in Courier-IMAP before 4.0.6-r2, and 4.1.x before 4.1.2-r1, on Gentoo Linux allows remote attackers to execute arbitrary commands via the XMAILDIR variable, related to the LOGINRUN variable."}, {"lang": "es", "value": "Vulnerabilidad de evaluaci\u00f3n directa de c\u00f3digo din\u00e1mico (eval injection) en (1) courier-imapd.indirect y (2) courier-pop3d.indirect en Courier-IMAP anterior a 4.0.6-r2, y 4.1.x anterior a 4.1.2-r1, en Gentoo Linux permite a atacantes remotos ejecutar comandos de su elecci\u00f3n a trav\u00e9s de la variable XMAILDIR, relacionada con la variable LOGINRUN."}], "id": "CVE-2007-2173", "lastModified": "2017-07-29T01:31:16.127", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2007-04-24T16:19:00.000", "references": [{"source": "cve@mitre.org", "url": "http://bugs.gentoo.org/show_bug.cgi?id=168196"}, {"source": "cve@mitre.org", "url": "http://osvdb.org/35274"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://secunia.com/advisories/24963"}, {"source": "cve@mitre.org", "url": "http://security.gentoo.org/glsa/glsa-200704-18.xml"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/23589"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33805"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}