Detections
Analytics

FreeBSD : php-imap -- imap_open allows to run arbitrary shell commands via mailbox parameter (ec49f6b5-ee39-11e8-b2f4-74d435b63d51)

high Nessus Plugin ID 119110

Language:

Synopsis

The remote FreeBSD host is missing one or more security-related updates.

Description

The PHP team reports :

imap_open allows to run arbitrary shell commands via mailbox parameter.

Solution

Update the affected packages.

See Also

https://bugs.php.net/bug.php?id=77153

http://www.nessus.org/u?eb87b34c

Plugin Details

Severity: High

ID: 119110

File Name: freebsd_pkg_ec49f6b5ee3911e8b2f474d435b63d51.nasl

Version: 1.2

Type: local

Published: 11/23/2018

Updated: 7/10/2019

Supported Sensors: Nessus

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:php56-imap, p-cpe:/a:freebsd:freebsd:php70-imap, p-cpe:/a:freebsd:freebsd:php71-imap, p-cpe:/a:freebsd:freebsd:php72-imap, p-cpe:/a:freebsd:freebsd:php73-imap, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 11/22/2018

Vulnerability Publication Date: 10/23/2018