CVE-2007-2173

Published Apr 24, 2007

Last updated 7 years ago

Overview

Description: Eval injection vulnerability in (1) courier-imapd.indirect and (2) courier-pop3d.indirect in Courier-IMAP before 4.0.6-r2, and 4.1.x before 4.1.2-r1, on Gentoo Linux allows remote attackers to execute arbitrary commands via the XMAILDIR variable, related to the LOGINRUN variable.
Source: cve@mitre.org
NVD status: Modified

Hype score: Not currently trending

Risk scores

CVSS 2.0

Type: Primary
Base score: 10
Impact score: 10
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:C/I:C/A:C

Weaknesses

nvd@nist.gov: NVD-CWE-Other

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:gentoo:linux:*:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "647BA336-5538-4972-9271-383A0EC9378E"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:double_precision_incorporated:courier-imap:4.0.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D299A35C-8F6B-44CE-BBCB-D2443FED6202"
          },
          {
            "criteria": "cpe:2.3:a:double_precision_incorporated:courier-imap:4.0.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F0F0DD12-16EA-4D64-B51E-A9F256446F60"
          },
          {
            "criteria": "cpe:2.3:a:double_precision_incorporated:courier-imap:4.0.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B2A338D1-2ECC-4DDE-9C15-89D183067124"
          },
          {
            "criteria": "cpe:2.3:a:double_precision_incorporated:courier-imap:4.0.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F7EBC12E-2258-4054-B906-D589EE89DDBA"
          },
          {
            "criteria": "cpe:2.3:a:double_precision_incorporated:courier-imap:4.0.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7002E0AC-90B7-4155-8380-243323ED5961"
          },
          {
            "criteria": "cpe:2.3:a:double_precision_incorporated:courier-imap:4.0.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5B0A48D7-371A-4F77-B06B-E9569A53E08C"
          },
          {
            "criteria": "cpe:2.3:a:double_precision_incorporated:courier-imap:4.1.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A03DC584-F9C2-45D1-96A6-48E19608BEE4"
          },
          {
            "criteria": "cpe:2.3:a:double_precision_incorporated:courier-imap:4.1.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8EB119A1-5581-482D-8153-8FE7FB060A31"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Social media

Risk scores

CVSS 2.0

Weaknesses

Configurations

References