Date: Mon, 24 Apr 2017 19:51:24 -0600
From: Kurt Seifried <kseifried@...hat.com>
To: oss-security <oss-security@...ts.openwall.com>
Subject: Re: SquirrelMail <= 1.4.23 Remote Code Execution (CVE-2017-7692)

On Mon, Apr 24, 2017 at 3:14 PM, Dawid Golunski <dawid@...alhackers.com>
wrote:

> SquirrelMail <= 1.4.23 Remote Code Execution (CVE-2017-7692)
>
> Desc.:
> SquirrelMail is affected by a critical Remote Code Execution vulnerability
> which stems from insufficient escaping of user-supplied data when
> SquirrelMail has been configured with Sendmail as the main transport.
> An authenticated attacker may be able to exploit the vulnerability
> to execute arbitrary commands on the target and compromise the remote
> system.
>
> Discovered by:
> Dawid Golunski (https://legalhackers.com : https://ExploitBox.io)
> , as well as Filippo Cavallarin (see attached advisory for details)
>
> Official solution:
> Vendor seems to have released a new version of 1.4.23 on
> squirrelmail-20170424_0200-SVN.stable.tar.gz
> which still seems to be vulnerable hence a new subject/thread.
>

So SquirrelMail's last release was 2011.

**************************************
*** SquirrelMail Stable Series 1.4 ***
**************************************

Version 1.4.22 - 12 July 2011

I don't want to tell people what to do, but the fact is SquirrelMail is
probably not something you should be using.

>
> The exploit from my advisory was also confirmed to work on Ubuntu
> package: '1.4.23~svn20120406-2ubuntu1.16.04.1'.
>
> Hence the updated version in the subject/advisory title.
>
> Full advisory URL:
>
> https://legalhackers.com/advisories/SquirrelMail-Exploit-Remote-Code-Exec-CVE-2017-7692-Vuln.html
>
>
>
> --
> Regards,
> Dawid Golunski
> https://legalhackers.com
> https://ExploitBox.io
> t: @dawid_golunski
>

-- 

Kurt Seifried -- Red Hat -- Product Security -- Cloud
PGP A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
Red Hat Product Security contact: secalert@...hat.com

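The quoted advisory attributes the flaw to insufficient escaping of user-supplied data on the Sendmail transport path. The PHP below is an added illustration of that bug class written for this page; it is not SquirrelMail's code and does not reproduce the specific code path the advisory describes. It contrasts building a sendmail command line by string interpolation (the pattern that lets shell metacharacters or option-like values through) with a validated, argv-based invocation that never hands the value to a shell. The sendmail path, the function names and the choice of the envelope sender as the user-controlled value are assumptions.

```php
<?php
// Added example, not SquirrelMail code. Shows the unsafe pattern (string
// interpolation of user data into a shell command) next to a hardened one
// (strict validation plus an argv array, so no shell is involved).

const SENDMAIL_PATH = '/usr/sbin/sendmail'; // assumed path, not from the advisory

// Unsafe pattern: the envelope sender is spliced into a shell command string.
// Anything the shell treats specially, and anything sendmail parses as an
// option, reaches the command line unchanged.
function buildSendmailCommandUnsafe(string $from): string
{
    return SENDMAIL_PATH . " -i -f$from -t";
}

// Strict allow-list for an envelope sender: syntactically an e-mail address,
// no whitespace or shell metacharacters, and no leading '-' so the value can
// never be parsed as an option by the program that receives it.
function isSafeEnvelopeSender(string $from): bool
{
    if ($from === '' || strlen($from) > 254) {
        return false;
    }
    if (filter_var($from, FILTER_VALIDATE_EMAIL) === false) {
        return false;
    }
    // filter_var still accepts a local part beginning with '-', so add a
    // narrower character allow-list on top of it.
    return preg_match('/^[A-Za-z0-9][A-Za-z0-9._%+-]*@[A-Za-z0-9.-]+\.[A-Za-z]{2,}$/', $from) === 1;
}

// Hardened invocation: validated value, passed as its own argv element through
// proc_open's array form (PHP >= 7.4), which execs the binary without a shell.
function sendViaSendmail(string $from, string $message): int
{
    if (!isSafeEnvelopeSender($from)) {
        throw new InvalidArgumentException('refusing unsafe envelope sender');
    }
    $argv = [SENDMAIL_PATH, '-i', '-t', '-f', $from]; // '-f' and its value stay separate
    $descriptors = [
        0 => ['pipe', 'r'], // stdin: the message body
        1 => ['pipe', 'w'], // stdout
        2 => ['pipe', 'w'], // stderr
    ];
    $proc = proc_open($argv, $descriptors, $pipes);
    if (!is_resource($proc)) {
        throw new RuntimeException('could not start sendmail');
    }
    fwrite($pipes[0], $message);
    fclose($pipes[0]);
    stream_get_contents($pipes[1]);
    fclose($pipes[1]);
    $stderr = stream_get_contents($pipes[2]);
    fclose($pipes[2]);
    $status = proc_close($proc);
    if ($status !== 0) {
        error_log('sendmail exited with status ' . $status . ': ' . trim($stderr));
    }
    return $status;
}

// Dry run on constructed inputs; nothing is sent. Each entry is an input and
// whether the validator should accept it.
$samples = [
    'alice@example.com'     => true,
    'alice@example.com; id' => false, // shell metacharacters
    'alice @example.com'    => false, // whitespace would split the argument
    '-x@example.com'        => false, // looks like an option to the receiver
];
foreach ($samples as $input => $expected) {
    if (isSafeEnvelopeSender($input) !== $expected) {
        throw new LogicException('validator mismatch for: ' . $input);
    }
    echo str_pad(var_export($expected, true), 5), ' ', $input, PHP_EOL;
}
echo 'unsafe command would have been: ', buildSendmailCommandUnsafe('alice@example.com'), PHP_EOL;
```

The point of the argv form is that validation and escaping stop being the only line of defence: even if a value slipped past the allow-list, it would arrive at sendmail as a single argument rather than being re-parsed by a shell. The allow-list is still needed because the receiving program has its own option parser, which is why a leading '-' is rejected separately.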