A vulnerability exists in one method by which the Cyrus IMAP server can be made to work with the Postfix MTA. Because the contents of certain user-supplied fields are not checked, it is possible to cause procmail to execute shell backtick expansion (``), allowing the execution of arbitrary commands as the cyrus user. This is not a vulnerability in Cyrus, procmail or Postfix themselves, but in one method of integrating these tools.
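The missing check, sketched as an added example that is not part of the original advisory or of any of the three projects: an allowlist gate a delivery wrapper could run on user-supplied envelope fields before they reach procmail. The function names, the choice of sender and recipient as the fields, the 254-character limit and the exit code are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the advisory): allowlist gate for envelope fields.
LC_ALL=C; export LC_ALL   # make the A-Z / a-z ranges byte-exact

# Return 0 only if $1 consists of characters that neither a shell nor a
# procmail recipe will expand. Backtick, $, (), ;, |, &, quotes, whitespace
# and newlines are all outside the allowlist and are therefore rejected.
is_safe_field() {
    [ -n "$1" ] || return 1            # empty field
    [ "${#1}" -le 254 ] || return 1    # assumed length limit
    case $1 in
        -*) return 1 ;;                # would be read as a command option
        *[!A-Za-z0-9@._+=-]*) return 1 ;;
    esac
    return 0
}

# gate_envelope SENDER RECIPIENT (hypothetical helper)
# Returns 0 when both fields pass, 65 (EX_DATAERR in sysexits.h) otherwise,
# so the caller can refuse the message instead of handing it to procmail.
gate_envelope() {
    for pair in "sender:$1" "recipient:$2"; do
        name=${pair%%:*}
        value=${pair#*:}
        if ! is_safe_field "$value"; then
            echo "rejected $name field before delivery" >&2
            return 65
        fi
    done
    return 0
}
```

A wrapper would call `gate_envelope` first and only then pass the validated values on, each as its own quoted argument.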