[pkg-horde] Bug#396099: CVE-2006-5449: Ingo Folder Name Shell Command Injection Vulnerability

Stefan Fritsch sf at sfritsch.de
Sun Oct 29 21:03:29 CET 2006


package: ingo1
tags: security
severity: grave

A vulnerability has been found in ingo:

procmail in Ingo H3 before 1.1.2 Horde module allows remote
authenticated users to execute arbitrary commands via shell
metacharacters in the mailbox destination of a filter rule.


This is fixed in 1.1.2. See
http://secunia.com/advisories/22482
for details.

Please mention the CVE id in the changelog.




More information about the pkg-horde-hackers mailing list