
List:       oss-security
Subject:    [oss-security] Re: SquirrelMail <= 1.4.23 Remote Code Execution (CVE-2017-7692)
From:       Dawid Golunski <dawid@legalhackers.com>
Date:       2017-04-27 4:48:32
Message-ID: CADSYzst1LHBrdak=PmYQf1mzbhC2k5ynes_-xbXW+yiv5hnAXw@mail.gmail.com

In case anyone needs the patched release, it looks like the patch got
included at last in version:
squirrelmail-20170427_0200-SVN


Regards,
Dawid Golunski
https://legalhackers.com  |  https://ExploitBox.io
t: @dawid_golunski


On Mon, Apr 24, 2017 at 6:14 PM, Dawid Golunski <dawid@legalhackers.com> wrote:
> SquirrelMail <= 1.4.23 Remote Code Execution (CVE-2017-7692)
>
> Desc.:
> SquirrelMail is affected by a critical Remote Code Execution vulnerability
> which stems from insufficient escaping of user-supplied data when
> SquirrelMail has been configured with Sendmail as the main transport.
> An authenticated attacker may be able to exploit the vulnerability
> to execute arbitrary commands on the target and compromise the remote
> system.
>
> Discovered by:
> Dawid Golunski (https://legalhackers.com : https://ExploitBox.io),
> as well as Filippo Cavallarin (see attached advisory for details)
>
> Official solution:
> Vendor seems to have released a new version of 1.4.23 as
> squirrelmail-20170424_0200-SVN.stable.tar.gz, which still seems to be
> vulnerable, hence a new subject/thread.
>
> The exploit from my advisory was also confirmed to work on Ubuntu
> package: '1.4.23~svn20120406-2ubuntu1.16.04.1'.
>
> Hence the updated version in the subject/advisory title.
>
> Full advisory URL:
>
> https://legalhackers.com/advisories/SquirrelMail-Exploit-Remote-Code-Exec-CVE-2017-7692-Vuln.html
>
>
>
> --
> Regards,
> Dawid Golunski
> https://legalhackers.com
> https://ExploitBox.io
> t: @dawid_golunski
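The bug class summarised in the quoted advisory text (user-supplied data reaching a sendmail command line with insufficient escaping), as an added PHP illustration. It is not SquirrelMail's code, not the advisory's exploit and not anything posted in this thread. It assumes /usr/bin/printf as a harmless stand-in for the sendmail binary, PHP 7.4 or newer for the argv-array form of proc_open(), and a constructed hostile value; the function names and the "-injected-flag" token are hypothetical placeholders, not real sendmail options.

```php
<?php
// Added example, not SquirrelMail code or the advisory's exploit. It models the
// bug class the advisory names: user-supplied data reaching a sendmail command
// line with insufficient escaping. /usr/bin/printf stands in for the sendmail
// binary (assumption: coreutils or BSD printf at that path) and prints every
// argv element it receives inside <...>, so argument boundaries become visible.

const FAKE_SENDMAIL = '/usr/bin/printf';

// Constructed hostile input: a plausible address followed by whitespace and an
// extra token. The token is a placeholder, not a real sendmail option.
const HOSTILE_FROM = 'attacker@example.com -injected-flag';

/**
 * Run a command and return its stdout. $cmd is either a shell string, which
 * /bin/sh word-splits, or (PHP >= 7.4) an argv array, which bypasses the shell.
 */
function run_capture($cmd): string
{
    $proc = proc_open($cmd, [1 => ['pipe', 'w']], $pipes);
    if (!is_resource($proc)) {
        throw new RuntimeException('proc_open failed');
    }
    $out = stream_get_contents($pipes[1]);
    fclose($pipes[1]);
    proc_close($proc);
    return $out;
}

// Insufficient: escapeshellcmd() neutralises ; | & ` $ and similar characters
// but leaves whitespace untouched, so the shell still splits the value and the
// attacker-chosen token becomes a separate argument to the mailer binary.
function sender_escapeshellcmd(string $from): string
{
    return run_capture(FAKE_SENDMAIL . " '<%s>' -f" . escapeshellcmd($from));
}

// Better: escapeshellarg() single-quotes the whole value, so whatever it
// contains arrives as exactly one argv element glued to -f.
function sender_escapeshellarg(string $from): string
{
    return run_capture(FAKE_SENDMAIL . " '<%s>' -f" . escapeshellarg($from));
}

// Best: no shell at all. Each array element is one argv entry by construction,
// so there is nothing left to escape.
function sender_argv(string $from): string
{
    return run_capture([FAKE_SENDMAIL, '<%s>', '-f' . $from]);
}

// Defence in depth: an envelope sender must look like an address before it is
// allowed anywhere near a command line, whichever spawning method is used.
function valid_sender(string $from): bool
{
    return filter_var($from, FILTER_VALIDATE_EMAIL) !== false;
}

printf("escapeshellcmd : %s\n", sender_escapeshellcmd(HOSTILE_FROM));
printf("escapeshellarg : %s\n", sender_escapeshellarg(HOSTILE_FROM));
printf("argv array     : %s\n", sender_argv(HOSTILE_FROM));
printf("valid_sender   : %s\n", valid_sender(HOSTILE_FROM) ? 'yes' : 'no');
```

Run with `php example.php`. The escapeshellcmd() line prints two bracketed argv elements, showing that the hostile value was split at the space; the escapeshellarg() and argv-array lines each print a single element containing the whole value; valid_sender() rejects the value outright because of the embedded whitespace. When auditing a mailer that shells out to sendmail, look for the first pattern (escapeshellcmd(), or no escaping at all, on a per-user value such as an envelope or identity address) and replace it with the argv-array form plus address validation.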