CVE-2007-4538
Gentoo Linux Security Advisory 200709-18
- Public Exploits: 1
- Exploited in Wild: -
- Decision: -
Descriptions
email_in.pl in Bugzilla 2.23.4 through 3.0.0 allows remote attackers to execute arbitrary commands via the -f (From address) option to the Email::Send::Sendmail function, probably involving shell metacharacters.
Masahiro Yamada found that, starting with version 2.17.1, Bugzilla does not properly sanitize the content of the buildid parameter when filing bugs. The next two vulnerabilities only affect Bugzilla 2.23.3 or later, so the stable Gentoo Portage tree does not contain them: Loic Minier reported that the Email::Send::Sendmail() function does not properly sanitize the From email address before passing it to the -f parameter of /usr/sbin/sendmail, and Frederic Buclin discovered that the XML-RPC interface does not correctly check permissions on the time-tracking fields. Versions less than 3.0.1 are affected.
Timeline
- 2007-08-27 CVE Reserved
- 2007-08-27 CVE Published
- 2024-08-07 CVE Updated
- 2024-08-07 First Exploit
- 2025-03-30 EPSS Updated
- (no date) Exploited in Wild
- (no date) KEV Due Date
References (11)
URL | Tag | Date |
---|---|---|
http://osvdb.org/37203 | Vdb Entry | - |
http://secunia.com/advisories/26971 | Third Party Advisory | - |
http://www.bugzilla.org/security/2.20.4 | X_refsource_confirm | - |
http://www.securityfocus.com/archive/1/477630/100/0/threaded | Mailing List | - |
http://www.securitytracker.com/id?1018604 | Vdb Entry | - |
http://www.vupen.com/english/advisories/2007/2977 | Vdb Entry | - |
https://bugzilla.mozilla.org/show_bug.cgi?id=386860 | X_refsource_misc | - |
https://exchange.xforce.ibmcloud.com/vulnerabilities/36243 | Vdb Entry | - |
http://www.securityfocus.com/bid/25425 | - | 2024-08-07 |
http://secunia.com/advisories/26584 | - | 2018-10-15 |
http://security.gentoo.org/glsa/glsa-200709-18.xml | - | 2018-10-15 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Mozilla | Bugzilla | 2.4 | - | Affected |
Mozilla | Bugzilla | 2.6 | - | Affected |
Mozilla | Bugzilla | 2.8 | - | Affected |
Mozilla | Bugzilla | 2.9 | - | Affected |
Mozilla | Bugzilla | 2.23.4 | - | Affected |
Mozilla | Bugzilla | 3.0.0 | - | Affected |