FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

ingo -- local arbitrary shell command execution

Affected packages
ingo < 1.1.2

Details

VuXML ID 18a14baa-5ee5-11db-ae08-0008743bf21a
Discovery 2006-10-18
Entry 2006-10-18
Modified 2010-05-12

The Horde team reports a vulnerability within Ingo, the filter management suite. The vulnerability is caused due to inadequete escaping, possibly allowing a local user to execute arbitrary shell commands via procmail.

References

CVE Name CVE-2006-5449
URL http://bugs.horde.org/ticket/?id=4513
URL http://cvs.horde.org/diff.php/ingo/docs/CHANGES?r1=1.55.2.49&r2=1.55.2.59&ty=h
URL http://lists.horde.org/archives/announce/2006/000296.html