CVE 2007-4538
email_in.pl in Bugzilla 2.23.4 through 3.0.0 allows remote attackers to execute arbitrary commands via the -f (From address) option to the Email::
See the 
CVE page on Mitre.org
for more details.
Launchpad.net
References
- MISC: https://bugzilla.mozil...
- CONFIRM: http://www.bugzilla.or...
- BID: 25425
- SECTRACK: 1018604
- SECUNIA: 26584
- GENTOO: GLSA-200709-18
- SECUNIA: 26971
- OSVDB: 37203
- VUPEN: ADV-2007-2977
- XF: bugzilla-sendmail-comm...
- BUGTRAQ: 20070823 Security Advi...
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
0e1f616
(Get the code!)