CVE-2004-0324
CVSS7.5
发布时间 :2004-02-23 00:00:00
修订时间 :2016-10-17 22:43:52
NMCOS    

[原文]Confirm 0.62 and earlier could allow remote attackers to execute arbitrary code via an e-mail header that contains shell metacharacters such as ", `, |, ;, or $.


[CNNVD]Confirm E-Mail头远程命令执行漏洞(CNNVD-200402-088)

        
        Confirm是一个简单procmail脚本使用模型匹配帮助鉴别邮件的程序。
        Confirm在处理邮件头时缺少输入验证处理,远程攻击者可以利用这个漏洞以用户进程权限执行任意命令。
        问题主要是Confirm对邮件头中包含SHELL元字符的数据缺少充分过滤,远程攻击者可以构建恶意邮件,发送给目标处理,可以用户进程权限执行任意命令。
        

- CVSS (基础分值)

CVSS分值: 7.5 [严重(HIGH)]
机密性影响: [--]
完整性影响: [--]
可用性影响: [--]
攻击复杂度: [--]
攻击向量: [--]
身份认证: [--]

- CPE (受影响的平台与产品)

cpe:/a:confirm:confirm:0.50
cpe:/a:confirm:confirm:0.61
cpe:/a:confirm:confirm:0.60
cpe:/a:confirm:confirm:0.52
cpe:/a:confirm:confirm:0.51
cpe:/a:confirm:confirm:0.62
cpe:/a:confirm:confirm:0.54
cpe:/a:confirm:confirm:0.53
cpe:/a:confirm:confirm:0.55

- OVAL (用于检测的技术细节)

未找到相关OVAL定义

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0324
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-0324
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200402-088
(官方数据源) CNNVD

- 其它链接及资源

http://marc.info/?l=bugtraq&m=107757320401858&w=2
(UNKNOWN)  BUGTRAQ  20040223 Lam3rZ Security Advisory #3/2004: A bug in Confirm leads to remote command execution
http://www.securityfocus.com/bid/9728
(VENDOR_ADVISORY)  BID  9728
http://xforce.iss.net/xforce/xfdb/15290
(VENDOR_ADVISORY)  XF  confirm-header-gain-access(15290)

- 漏洞信息

Confirm E-Mail头远程命令执行漏洞
高危 输入验证
2004-02-23 00:00:00 2005-10-20 00:00:00
远程  
        
        Confirm是一个简单procmail脚本使用模型匹配帮助鉴别邮件的程序。
        Confirm在处理邮件头时缺少输入验证处理,远程攻击者可以利用这个漏洞以用户进程权限执行任意命令。
        问题主要是Confirm对邮件头中包含SHELL元字符的数据缺少充分过滤,远程攻击者可以构建恶意邮件,发送给目标处理,可以用户进程权限执行任意命令。
        

- 公告与补丁

        厂商补丁:
        Confirm
        -------
        目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:
        
        http://hr.uoregon.edu/davidrl/confirm/confirm-0.70.tgz

- 漏洞信息

3956
Confirm Remote Command Execution
Remote / Network Access Input Manipulation
Loss of Integrity

- 漏洞描述

Confirm contains a flaw that allows a remote attacker to execute arbitrary commands. The issue is due to a non-descript flaw in the program. If an attacker sends a specially crafted e-mail to a user running Confirm, they can trigger the script to execute arbitrary commands.

- 时间线

2004-02-09 Unknow
Unknow Unknow

- 解决方案

Upgrade to version 0.70 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

- 相关参考

- 漏洞作者

Unknown or Incomplete

- 漏洞信息

Confirm E-Mail Header Remote Command Execution Vulnerability
Input Validation Error 9728
Yes No
2004-02-23 12:00:00 2009-07-12 03:06:00
Discovery is credited to Mariusz Woloszyn.

- 受影响的程序版本

Confirm Confirm 0.62
Confirm Confirm 0.61
Confirm Confirm 0.60
Confirm Confirm 0.55
Confirm Confirm 0.54
Confirm Confirm 0.53
Confirm Confirm 0.52
Confirm Confirm 0.51
Confirm Confirm 0.50
Confirm Confirm 0.70

- 不受影响的程序版本

Confirm Confirm 0.70

- 漏洞讨论

The Confirm Procmail script is prone to a remote command execution vulnerability. This issue is exposed when the script handles malicious input such as shell metacharacters in e-mail headers.

Successful exploitation will allow for execution of shell commands in the context of the user invoking the script.

- 漏洞利用

There is no exploit required.

- 解决方案

This issue has been addressed in Confirm 0.70.


Confirm Confirm 0.50

Confirm Confirm 0.51

Confirm Confirm 0.52

Confirm Confirm 0.53

Confirm Confirm 0.54

Confirm Confirm 0.55

Confirm Confirm 0.60

Confirm Confirm 0.61

Confirm Confirm 0.62

- 相关参考

 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站