FreeBSD : Roundcube -- arbitrary command execution (125f5958-b611-11e6-a9a5-b499baebfeaf)

This script is Copyright (C) 2016 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

The Roundcube project reports

steps/mail/sendmail.inc in Roundcube before 1.1.7 and 1.2.x before
1.2.3, when no SMTP server is configured and the sendmail program is
enabled, does not properly restrict the use of custom envelope-from
addresses on the sendmail command line, which allows remote
authenticated users to execute arbitrary code via a modified HTTP
request that sends a crafted e-mail message.

See also :

http://www.openwall.com/lists/oss-security/2016/12/08/17
https://github.com/roundcube/roundcubemail/wiki/Changelog#release-123
http://www.nessus.org/u?8868e402

Solution :

Update the affected package.

Risk factor :

Medium / CVSS Base Score : 6.0
(CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P)

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 95393 ()

Bugtraq ID: 94858

CVE ID: CVE-2016-9920

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now