FreeBSD : php-imap -- imap_open allows to run arbitrary shell commands via mailbox parameter (ec49f6b5-ee39-11e8-b2f4-74d435b63d51)

High Nessus Plugin ID 119110

Synopsis

The remote FreeBSD host is missing one or more security-related updates.

Description

The PHP team reports :

imap_open allows to run arbitrary shell commands via mailbox parameter.

Solution

Update the affected packages.

See Also

https://bugs.php.net/bug.php?id=77153

http://www.nessus.org/u?eb87b34c

Plugin Details

Severity: High

ID: 119110

File Name: freebsd_pkg_ec49f6b5ee3911e8b2f474d435b63d51.nasl

Version: 1.1

Type: local

Published: 2018/11/23

Modified: 2018/11/23

Dependencies: 12634

Risk Information

Risk Factor: High

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:php56-imap, p-cpe:/a:freebsd:freebsd:php70-imap, p-cpe:/a:freebsd:freebsd:php71-imap, p-cpe:/a:freebsd:freebsd:php72-imap, p-cpe:/a:freebsd:freebsd:php73-imap, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 2018/11/22

Vulnerability Publication Date: 2018/10/23