Vulnerabilities > CVE-2007-2173 - Unspecified vulnerability in Double Precision Incorporated Courier-Imap

CVSS 10.0 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

network

low complexity

gentoo

double-precision-incorporated

critical

NVD

Published: 2007-04-24

Updated: 2017-07-29

Summary

Eval injection vulnerability in (1) courier-imapd.indirect and (2) courier-pop3d.indirect in Courier-IMAP before 4.0.6-r2, and 4.1.x before 4.1.2-r1, on Gentoo Linux allows remote attackers to execute arbitrary commands via the XMAILDIR variable, related to the LOGINRUN variable.

Vulnerable Configurations

Part	Description	Count
OS	Gentoo Gentoo Linux *	1
Application	Double_Precision_Incorporated Double Precision Incorporated Courier Imap 4.0.0 Double Precision Incorporated Courier Imap 4.0.1 Double Precision Incorporated Courier Imap 4.0.2 Double Precision Incorporated Courier Imap 4.0.3 Double Precision Incorporated Courier Imap 4.0.4 Double Precision Incorporated Courier Imap 4.0.5 Double Precision Incorporated Courier Imap 4.1.0 Double Precision Incorporated Courier Imap 4.1.1	8

Summary

Vulnerable Configurations

References