compose.cgi in Mailreader.com 2.3.30 and 2.3.31, when using Sendmail as the Mail Transfer Agent, allows remote attackers to execute arbitrary commands via shell metacharacters in the RealEmail configuration variable, which is used to call Sendmail in network.cgi.
References
Link | Resource |
---|---|
http://www.iss.net/security_center/static/10491.php | Patch Vendor Advisory |
http://www.mailreader.com/download/ChangeLog | Vendor Advisory |
http://www.securityfocus.com/archive/1/297428 | Exploit Patch Vendor Advisory |
http://www.securityfocus.com/bid/6058 | Patch Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2004-07-06T04:00:00
Updated: 2021-06-15T16:37:16
Reserved: 2004-06-30T00:00:00
Link: CVE-2002-1582
JSON object: View
NVD Information
Status : Analyzed
Published: 2004-12-06T05:00:00.000
Modified: 2008-09-05T20:30:59.217
Link: CVE-2002-1582
JSON object: View
Redhat Information
No data.
CWE