Hastymail rs parameter command injection

Added: 12/28/2011
CVE: CVE-2011-4542
BID: 50791
OSVDB: 77331

Background

Hastymail is a fast, secure, rfc-compliant, cross-platform IMAP/SMTP client application written in PHP providing a clean web interface for sending and reading E-mail.

Problem

Hastymail2 fails to properly sanitize user-supplied input passed to rs and rsargs[] parameters to the default URI. This can be exploited to execute arbitrary commands.

Resolution

Upgrade to Hastymail2 2.1.1-RC2 or later.

References

https://www.dognaedis.com/vulns/DGS-SEC-3.html

Limitations

This exploit has been tested against Hastymail2 2.1.0 on Windows XP SP3 and Hastymail2 2.1.1-RC1 on Ubuntu 10.04 Linux.
Back to exploit index