Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Open Webmail < 2.51 20050430 Shell Escape Arbitrary Command Execution



The remote host is vulnerable to an flaw that allows attackers to execute arbitrary commands.


The remote host is running Open Webmail, an open-source perl script that gives remote users a web-based interface to email. This version of Open Webmail is vulnerable to a content-parsing flaw that would allow a remote attack to run arbitrary code on the Open Webmail server. Specifically, the application fails to parse out the '|' character which can be used to append commands to system calls.


Upgrade to version 2.51 20050430 or higher.