Alerts This Week
Warning Icon 1 646
Alerts This Week
Warning Icon 1 646

Gentoo: GLSA-200611-22 Normal: Ingo H3 Shell Command Execution Risk

gentoo
Calendar Grey November 27, 2006
Dist Gentoo Esm H88
The vulnerabilities in Ingo H3's shell command execution put Gentoo users at risk. Immediate upgrades are strongly advised for everyone.
Ingo H3 is vulnerable to arbitrary shell command execution when handling procmail rules.

Summary

Gentoo Linux Security Advisory GLSA 200611-22 https://security.gentoo.org/ Severity: Normal Title: Ingo H3: Folder name shell command injection Date: November 27, 2006 Bugs: #153927 ID: 200611-22

Synopsis ======= Ingo H3 is vulnerable to arbitrary shell command execution when handling procmail rules.
Background ========= Ingo H3 is a generic frontend for editing Sieve, procmail, maildrop and IMAP filter rules.
Affected packages ================ ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 www-apps/horde-ingo < 1.1.2 >= 1.1.2
========== Ingo H3 fails to properly escape shell metacharacters in procmail rules.
Impact ===== A remote authenticated attacker could craft a malicious rule which c...

Read the Full Advisory

Topics%20covered

Topics Covered

security advisory Gentoo arbitrary execution procmail normal severity shell command execution Ingo H3

Resolution

References

Availability

style>.gentoo_availability{display:block;}

Concerns

Topics%20covered

Topics Covered

security advisory Gentoo arbitrary execution procmail normal severity shell command execution Ingo H3

Synopsis

Background

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Affected Packages

Impact

Workaround

Related News

Your message here