CVE-2018-19518

Published: 25/11/2018 Updated: 07/11/2023

CVSS v2 Base Score: 8.5 | Impact Score: 10 | Exploitability Score: 6.8

CVSS v3 Base Score: 7.5 | Impact Score: 5.9 | Exploitability Score: 1.6

VMScore: 758

Vector: AV:N/AC:M/Au:S/C:C/I:C/A:C

University of Washington IMAP Toolkit 2007f on UNIX, as used in imap_open() in PHP and other products, launches an rsh command (by means of the imap_rimap function in c-client/imap4r1.c and the tcp_aopen function in osdep/unix/tcp_unix.c) without preventing argument injection, which might allow remote malicious users to execute arbitrary OS commands if the IMAP server name is untrusted input (e.g., entered by a user of a web application) and if rsh has been replaced by a program with different argument semantics. For example, if rsh is a link to ssh (as seen on Debian and Ubuntu systems), then the attack can use an IMAP server name containing a "-oProxyCommand" argument.

Vulnerable Product	Search on Vulmon	Subscribe to Product
php php
debian debian linux 8.0
debian debian linux 9.0
uw-imap project uw-imap 2007f
canonical ubuntu linux 18.04
canonical ubuntu linux 19.04
canonical ubuntu linux 16.04

UW IMAP could be made to execute programs if it received specially crafted input ...

Debian Bug report logs - #913775 php73-imap: CVE-2018-19518: imap_open() function command injection Package: php73-imap; Maintainer for php73-imap is Debian PHP Maintainers <team+pkg-php@trackerdebianorg>; Source for php73-imap is src:php73 (PTS, buildd, popcon) Reported by: rhns <vulns@rhnseu> Date: Thu, 15 ...

Multiple security issues were found in PHP, a widely-used open source general purpose scripting language: The EXIF module was susceptible to denial of service/information disclosure when parsing malformed images, the Apache module allowed cross-site-scripting via the body of a "Transfer-Encoding: chunked" request and the IMAP extension performed in ...

ext/imap/php_imapc in PHP 5x and 7x before 730 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty string in the message argument to the imap_mail function(CVE-2018-19935) University of Washington IMAP Toolkit 2007f on UNIX, as used in imap_open() in PHP and other products, launch ...

University of Washington IMAP Toolkit 2007f on UNIX, as used in imap_open() in PHP and other products, launches an rsh command (by means of the imap_rimap function in c-client/imap4r1c and the tcp_aopen function in osdep/unix/tcp_unixc) without preventing argument injection, which might allow remote attackers to execute arbitrary OS commands if t ...

CVE-2018-19518 免责声明本程序应仅用于授权的安全测试与研究目的，请使用者遵照网络安全法合理使用。使用者使用该工具出现任何非法攻击等违法行为，与作者无关。使用 python CVE-2018-19518py 目标ip 目标port shell-ip shell-port

some works on CVE-2018-19518

CVE-2018-19518 last rapport here : gitlabcom/ensimag-security/CVE-2018-19518/-/jobs/artifacts/master/raw/rapportpdf?job=PDF Usage run app docker-compose up -d example normal usage for the web app imap : webmailgrenoble-inporg user : prenomnom@grenoble-inporg password : xxx exploit using echo '1234567890'>

How to do recon on a web-application properly

Information Gathering [ Reloaded ] Information Gathering & Scaning for sensitive information Whois Lookup To Check Other websites registered by the registrant of the site (reverse check on the registrant, email address, and telephone), and in-depth investigation of the sites found whois targettld Website Ip For collecting Ser

Dorks for Google, Shodan and BinaryEdge

Dorks are cool Dorks for Google, Shodan and BinaryEdge Only for use on bug bounty programs or in cordination with a legal security assesment I am in no way responsible for the usage of these search queries Be responsible thanks - wwwbugcrowdcom/resource/what-is-responsible-disclosure/ This repository is "under construction" feel free to make pull requests

CWE-88 https://www.openwall.com/lists/oss-security/2018/11/22/3 https://github.com/Bo0oM/PHP_imap_open_exploit/blob/master/exploit.php https://bugs.php.net/bug.php?id=77160 https://bugs.php.net/bug.php?id=77153 https://bugs.php.net/bug.php?id=76428 https://bugs.debian.org/913836 https://bugs.debian.org/913835 https://bugs.debian.org/913775 https://antichat.com/threads/463395/#post-4254681 http://www.securitytracker.com/id/1042157 http://www.securityfocus.com/bid/106018 https://www.exploit-db.com/exploits/45914/https://www.debian.org/security/2018/dsa-4353 https://lists.debian.org/debian-lts-announce/2018/12/msg00006.html https://security.netapp.com/advisory/ntap-20181221-0004/https://lists.debian.org/debian-lts-announce/2019/03/msg00001.html https://usn.ubuntu.com/4160-1/https://security.gentoo.org/glsa/202003-57 https://lists.debian.org/debian-lts-announce/2021/12/msg00031.html https://git.php.net/?p=php-src.git%3Ba=commit%3Bh=e5bfea64c81ae34816479bb05d17cdffe45adddb https://usn.ubuntu.com/4160-1/https://nvd.nist.gov

CVE-2018-19518

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

Github Repositories

References

Vulmon Search

About

Products

Connect