Unrated severityNVD Advisory· Published Apr 24, 2007· Updated Apr 23, 2026

CVE-2007-2173

Description

Eval injection vulnerability in (1) courier-imapd.indirect and (2) courier-pop3d.indirect in Courier-IMAP before 4.0.6-r2, and 4.1.x before 4.1.2-r1, on Gentoo Linux allows remote attackers to execute arbitrary commands via the XMAILDIR variable, related to the LOGINRUN variable.

Affected products

Double Precision Incorporated/Courier IMAP8 versions
cpe:2.3:a:double_precision_incorporated:courier-imap:4.0.0:*:*:*:*:*:*:*+ 7 more
- cpe:2.3:a:double_precision_incorporated:courier-imap:4.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:double_precision_incorporated:courier-imap:4.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:double_precision_incorporated:courier-imap:4.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:double_precision_incorporated:courier-imap:4.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:double_precision_incorporated:courier-imap:4.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:double_precision_incorporated:courier-imap:4.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:double_precision_incorporated:courier-imap:4.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:double_precision_incorporated:courier-imap:4.1.1:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

secunia.com/advisories/24963nvdPatchVendor Advisory
bugs.gentoo.org/show_bug.cginvd
osvdb.org/35274nvd
security.gentoo.org/glsa/glsa-200704-18.xmlnvd
www.securityfocus.com/bid/23589nvd
exchange.xforce.ibmcloud.com/vulnerabilities/33805nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.002
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000