CVE-2018-19518
uw-imap - security update
Description
University of Washington IMAP Toolkit 2007f on UNIX, as used in imap_open() in PHP and other products, launches an rsh command (by means of the imap_rimap function in c-client/imap4r1.c and the tcp_aopen function in osdep/unix/tcp_unix.c) without preventing argument injection, which might allow remote attackers to execute arbitrary OS commands if the IMAP server name is untrusted input (e.g., entered by a user of a web application) and if rsh has been replaced by a program with different argument semantics. For example, if rsh is a link to ssh (as seen on Debian and Ubuntu systems), then the attack can use an IMAP server name containing a "-oProxyCommand" argument.
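The injection described above depends on the server name reaching the rsh/ssh command line unchecked. As an added example (not code from PHP, uw-imap or this advisory), an application can validate the name before building the mailbox string it passes to imap_open(); the function name build_imap_mailbox and the sample inputs are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

/**
 * Hypothetical helper (not part of PHP or c-client): builds an imap_open()
 * mailbox string only from a strictly validated server name.
 */
function build_imap_mailbox(string $host, int $port = 993, string $folder = 'INBOX'): string
{
    // One DNS label: letters, digits, inner hyphens. A label can never start
    // with '-', and spaces, '{', '}', '/', '=' are not in the alphabet, so
    // nothing in $host can become an extra rsh/ssh argument or mailbox flag.
    $label = '[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?';
    $hostPattern = '/\A' . $label . '(?:\.' . $label . ')*\z/';

    if (strlen($host) > 253 || preg_match($hostPattern, $host) !== 1) {
        throw new InvalidArgumentException('IMAP server name rejected');
    }
    if ($port < 1 || $port > 65535) {
        throw new InvalidArgumentException('IMAP port rejected');
    }
    if (preg_match('/\A[A-Za-z0-9 ._-]{1,64}\z/', $folder) !== 1) {
        throw new InvalidArgumentException('IMAP folder rejected');
    }

    // /norsh is the c-client mailbox flag that disables the rsh/ssh
    // preauthenticated session attempt; /ssl requests a TLS connection.
    return sprintf('{%s:%d/imap/ssl/norsh}%s', $host, $port, $folder);
}

// Constructed sample inputs, as a web form might supply them.
$samples = [
    'mail.example.org',
    'imap-1.example.org',
    '-oProxyCommand',                 // leading '-' would be parsed as an option
    'mail.example.org -oProxyCommand', // embedded space adds a second argument
    'mail.example.org/novalidate-cert}INBOX', // attempts to inject mailbox flags
];

foreach ($samples as $candidate) {
    try {
        printf("ACCEPT %-42s => %s\n", $candidate, build_imap_mailbox($candidate));
    } catch (InvalidArgumentException $e) {
        printf("REJECT %-42s (%s)\n", $candidate, $e->getMessage());
    }
}
```

Validation of this kind complements the package upgrade; it does not replace it.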
How to fix CVE-2018-19518
To remediate CVE-2018-19518, upgrade the affected package to a fixed version below.
- Upgrade to 5.6.39+dfsg-0+deb8u1 or later
- Upgrade to 8:2007f~dfsg-6 or later
- Upgrade to 8:2007f~dfsg-4+deb8u1 or later
- Upgrade to 8:2007f~dfsg-5+deb9u1 or later
Is CVE-2018-19518 being exploited?
Likely — EPSS is 93.9%, placing CVE-2018-19518 in the top tier of vulnerabilities by exploitation probability. Prioritise patching.
Affected packages (4)
- from 0, < 5.6.39+dfsg-0+deb8u1
- from 0, < 8:2007f~dfsg-6
- from 0, < 8:2007f~dfsg-4+deb8u1
- from 0, < 8:2007f~dfsg-5+deb9u1
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH 7.5 | CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H |