Vulnerabilities > CVE-2002-0532 - Unspecified vulnerability in Emumail Emumail, Emumail RED HAT Linux and Emumail Unix

CVSS 7.2 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

local

low complexity

emumail

NVD

Published: 2002-08-12

Updated: 2008-09-05

Summary

EMU Webmail allows local users to execute arbitrary programs via a .. (dot dot) in the HTTP Host header that points to a Trojan horse configuration file that contains a pageroot specifier that contains shell metacharacters.

Vulnerable Configurations

Part	Description	Count
Application	Emumail Emumail Emumail 3.0 Emumail Emumail RED HAT Linux 5.0 Emumail Emumail RED HAT Linux 5.1 Emumail Emumail Unix 5.0 Emumail Emumail Unix 5.1	5

References

http://online.securityfocus.com/archive/1/266930
http://www.iss.net/security_center/static/8836.php
http://www.osvdb.org/5270
http://www.securityfocus.com/bid/4488