CVE-2018-19518
Description
University of Washington IMAP Toolkit 2007f on UNIX, as used in imap_open() in PHP and other products, launches an rsh command (by means of the imap_rimap function in c-client/imap4r1.c and the tcp_aopen function in osdep/unix/tcp_unix.c) without preventing argument injection, which might allow remote attackers to execute arbitrary OS commands if the IMAP server name is untrusted input (e.g., entered by a user of a web application) and if rsh has been replaced by a program with different argument semantics. For example, if rsh is a link to ssh (as seen on Debian and Ubuntu systems), then the attack can use an IMAP server name containing a "-oProxyCommand" argument.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
10- Range: = 2007f
- osv-coords9 versionspkg:rpm/suse/php53&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4pkg:rpm/suse/php53&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2011%20SP4pkg:rpm/suse/php53&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2011%20SP4pkg:rpm/suse/php5&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Web%20and%20Scripting%2012pkg:rpm/suse/php5&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP3pkg:rpm/suse/php5&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP4pkg:rpm/suse/php7&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Web%20and%20Scripting%2012pkg:rpm/suse/php7&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP3pkg:rpm/suse/php7&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP4
< 5.3.17-112.45.1+ 8 more
- (no CPE)range: < 5.3.17-112.45.1
- (no CPE)range: < 5.3.17-112.45.1
- (no CPE)range: < 5.3.17-112.45.1
- (no CPE)range: < 5.5.14-109.45.2
- (no CPE)range: < 5.5.14-109.45.2
- (no CPE)range: < 5.5.14-109.45.2
- (no CPE)range: < 7.0.7-50.56.2
- (no CPE)range: < 7.0.7-50.56.2
- (no CPE)range: < 7.0.7-50.56.2
Patches
Vulnerability mechanics
References
20- www.exploit-db.com/exploits/45914/mitreexploitx_refsource_EXPLOIT-DB
- security.gentoo.org/glsa/202003-57mitrevendor-advisoryx_refsource_GENTOO
- usn.ubuntu.com/4160-1/mitrevendor-advisoryx_refsource_UBUNTU
- www.debian.org/security/2018/dsa-4353mitrevendor-advisoryx_refsource_DEBIAN
- www.securityfocus.com/bid/106018mitrevdb-entryx_refsource_BID
- www.securitytracker.com/id/1042157mitrevdb-entryx_refsource_SECTRACK
- antichat.com/threads/463395/mitrex_refsource_MISC
- bugs.debian.org/913775mitrex_refsource_MISC
- bugs.debian.org/913835mitrex_refsource_MISC
- bugs.debian.org/913836mitrex_refsource_MISC
- bugs.php.net/bug.phpmitrex_refsource_MISC
- bugs.php.net/bug.phpmitrex_refsource_MISC
- bugs.php.net/bug.phpmitrex_refsource_MISC
- git.php.netmitrex_refsource_CONFIRM
- github.com/Bo0oM/PHP_imap_open_exploit/blob/master/exploit.phpmitrex_refsource_MISC
- lists.debian.org/debian-lts-announce/2018/12/msg00006.htmlmitremailing-listx_refsource_MLIST
- lists.debian.org/debian-lts-announce/2019/03/msg00001.htmlmitremailing-listx_refsource_MLIST
- lists.debian.org/debian-lts-announce/2021/12/msg00031.htmlmitremailing-listx_refsource_MLIST
- security.netapp.com/advisory/ntap-20181221-0004/mitrex_refsource_CONFIRM
- www.openwall.com/lists/oss-security/2018/11/22/3mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.