EMU Webmail allows local attacker to execute arbitrary programs using a malicious HTTP Host value
X-Force ID: emumail-http-host-execute (8836)
Description:
EMU Webmail could allow a local attacker to gain elevated privileges. The emumail.cgi script uses the HTTP Host header to locate a per-host configuration file. A local attacker who can write a file on the system can connect to the Web server and send a specially-crafted HTTP request whose Host value contains a .. (dot dot) sequence, causing the script to load an attacker-controlled configuration file instead of the legitimate one. A pageroot specifier in that file containing shell metacharacters is then passed to the shell, allowing the attacker to execute arbitrary programs with the privileges of the user running the CGI.
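The lookup-and-execute chain described above, as an added illustration that is not EMU Webmail's own code: the configuration directory, the .conf file naming, the "pageroot value" line format and the ls command are assumptions chosen only to show how a Host value containing .. escapes the configuration directory and how a pageroot value reaches a shell. The hardened lookup beside it validates the hostname syntactically and confines the resolved path to the configuration directory, and the command is built as an argv list rather than a shell string.

```python
"""Host-header config lookup: vulnerable pattern beside a hardened one.

Added, hypothetical example (not EMU Webmail's code). Directory layout,
file names, the config line format and the `ls` command are assumptions.
No command is executed; the command lines are only constructed and returned.
"""
import os
import re
import tempfile

# RFC 1123-style hostname: labels of letters/digits/hyphens joined by dots.
# Rejects '/', '..', whitespace and shell metacharacters outright.
HOST_RE = re.compile(
    r"^[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?(\.[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?)*$"
)


def vulnerable_config_path(config_dir, host):
    """Naive per-host lookup: the raw Host value is spliced into a path.
    A Host such as "../home/mallory/x" escapes config_dir, so a local user
    can make the CGI read a configuration file they wrote themselves."""
    return os.path.join(config_dir, host + ".conf")


def safe_config_path(config_dir, host):
    """Hardened lookup. Strips an optional :port, lower-cases, requires a
    syntactically valid hostname, then confirms the resolved path is still
    inside config_dir. Returns None when any check fails."""
    host = host.split(":", 1)[0].lower()
    if not HOST_RE.match(host):
        return None
    root = os.path.realpath(config_dir)
    candidate = os.path.realpath(os.path.join(root, host + ".conf"))
    if os.path.commonpath([root, candidate]) != root:
        return None
    return candidate


def parse_pageroot(config_text):
    """Extracts the pageroot value from a 'key value' config (assumed format)."""
    for line in config_text.splitlines():
        parts = line.split(None, 1)
        if len(parts) == 2 and parts[0] == "pageroot":
            return parts[1].strip()
    return None


def build_listing_command(pageroot):
    """Command string a CGI might hand to system()/backticks. With pageroot
    taken from an attacker-controlled file this is shell command injection."""
    return "ls " + pageroot


def safe_listing_argv(pageroot):
    """Same operation as an argv list for exec-style APIs: the value stays a
    single argument and ';' or '|' inside it are never interpreted."""
    return ["ls", "--", pageroot]


def demo():
    """Runs the scenario in a temp directory (all files constructed here)
    and returns what each lookup did with the malicious Host value."""
    with tempfile.TemporaryDirectory() as tmp:
        config_dir = os.path.join(tmp, "conf")
        os.makedirs(config_dir)
        with open(os.path.join(config_dir, "mail.example.com.conf"), "w") as f:
            f.write("pageroot /var/www/emu\n")
        # The local attacker plants a config file somewhere writable to them.
        evil_dir = os.path.join(tmp, "home", "mallory")
        os.makedirs(evil_dir)
        evil_conf = os.path.join(evil_dir, "x.conf")
        with open(evil_conf, "w") as f:
            f.write("pageroot /var/www/emu; id > /tmp/pwned\n")

        malicious_host = "../home/mallory/x"  # resolves relative to config_dir
        vuln = vulnerable_config_path(config_dir, malicious_host)
        with open(vuln) as f:
            pageroot = parse_pageroot(f.read())
        return {
            "vulnerable_escaped": os.path.realpath(vuln) == os.path.realpath(evil_conf),
            "safe_rejected": safe_config_path(config_dir, malicious_host) is None,
            "safe_accepts_legit": safe_config_path(config_dir, "Mail.Example.com:443") is not None,
            "shell_cmd": build_listing_command(pageroot),
            "argv": safe_listing_argv(pageroot),
        }


if __name__ == "__main__":
    print(demo())
```

The two defences are independent and both are needed: hostname validation stops the traversal into an attacker-writable directory, and the argv form stops metacharacters in any configuration value from being interpreted even if the wrong file is ever loaded.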
Platforms Affected:
- EMUMAIL, EMU Webmail 4.5.x
- EMUMAIL, EMU Webmail 5.1
Remedy:
No remedy available as of November 22, 2008.
Consequences:
Gain Privileges
References:
- BugTraq Mailing List, Wed Apr 10 2002 - 10:58:52 CDT, Re: emumail.cgi, one more local vulnerability (not verified) at http://archives.neohapsis.com/archives/bugtraq/2002-04/0117.html.
- BID-4488: EMUMail HTTP Host Arbitrary Config File Loading Vulnerability
- CVE-2002-0532: EMU Webmail allows local users to execute arbitrary programs via a .. (dot dot) in the HTTP Host header that points to a Trojan horse configuration file that contains a pageroot specifier that contains shell metacharacters.
- OSVDB ID: 5270: EMU Webmail HTTP Host Header Execute Arbitrary Program
Reported:
Apr 10, 2002
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
Copyright (c) 1994-2008 Internet Security Systems, Inc. All rights reserved worldwide.
For corrections or additions please email xforce@iss.net
