CVE-2006-5313

Hastymail 1.5 and earlier before 20061008 allows remote authenticated users to send arbitrary SMTP commands by placing them after a CRLF.CRLF sequence in the smtp_message parameter. NOTE: this crosses privilege boundaries if the SMTP server configuration prevents a user from establishing a direct SMTP session. NOTE: this is a different type of issue than CVE-2006-5262.

Score: 6.5
Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE_INSTANCE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Published: 2006-10-17 01:07:00.000-04
Last Modified: 2018-10-17 05:42:07.000-04

Vulnerable Software List

Vendor: Hastymail
Product: Hastymail
Versions: 1.0.1, 1.0.2, 1.1, 1.2, 1.5

References

CONFIRM: http://hastymail.sourceforge.net/security.php
BUGTRAQ: 20061202 [ISecAuditors Security Advisories] IMAP/SMTP Injection in Hastymail
BID: 20424
VUPEN: ADV-2006-3956
XF: hastymail-imap-command-execution(29407)