
sup-mail: two command injection flaws

Package(s): sup-mail
CVE #(s): CVE-2013-4478 CVE-2013-4479
Created: December 1, 2013
Updated: December 4, 2013
Description: joernchen of Phenoelit discovered two command injection flaws in Sup, a console-based email client. An attacker might execute arbitrary commands if the user opens a maliciously crafted email.

From the Debian advisory:

CVE-2013-4478: Sup wrongly handled the filename of attachments.

CVE-2013-4479: Sup did not sanitize the content-type of attachments.

Debian DSA-2805-1 sup-mail 2013-11-27

