Actively Exploited in the Wild
This vulnerability is being actively exploited in the wild.
Libraesva ESG Command Injection Vulnerability
Vulnerability
A command injection vulnerability has been identified in Libraesva Email Security Gateway (ESG) versions 4.5 through 5.5.x prior to 5.5.7. The flaw sits in the attachment sanitization step: when the gateway attempts to strip active code from files inside certain compressed archive formats, it does not properly sanitize attacker-controlled content from the archive before that content reaches a shell command. A specially crafted compressed attachment therefore yields arbitrary command execution on the appliance as a non-privileged user.
Impact
Successful exploitation gives the attacker execution of arbitrary shell commands on the gateway under a non-privileged user account. The attack is carried entirely by an inbound email, so any sender who can get a message delivered to the appliance can attempt it; no access to the appliance beyond its mail flow is required.
Reproduction
To reproduce, send the gateway an email carrying a specially crafted compressed attachment that abuses the application's sanitization of archive contents. The attachment must use one of the archive formats that reaches the vulnerable code path; TNEF (the winmail.dat encapsulation commonly produced by Microsoft Outlook) is cited as an example of such a format.
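The reproduction above describes the delivery vector only: an inbound message with a compressed or TNEF attachment. When hunting for attempts in a quarantine or mail archive, the first triage step is to find the messages that carry that vector at all. The following is an added example, not Libraesva code and not a detector for the exploit itself; it walks MIME messages with the Python standard library and flags attachments that are archives or TNEF containers. The list of content types and suffixes is an assumption made for the example (the advisory names only "certain archive formats" and TNEF), and the sample messages and their payload bytes are constructed placeholders, not real archives.

```python
from __future__ import annotations

import email
import mailbox
from email import policy
from email.message import EmailMessage

# Attachment types treated as "compressed or encapsulated" for triage.
# ASSUMPTION: this concrete list is the example's own; the advisory only
# says "certain archive formats" and names TNEF.
ARCHIVE_CONTENT_TYPES = {
    "application/zip", "application/x-zip-compressed",
    "application/x-7z-compressed", "application/x-rar-compressed",
    "application/vnd.rar", "application/gzip", "application/x-gzip",
    "application/x-tar", "application/x-bzip2",
}
ARCHIVE_SUFFIXES = (".zip", ".7z", ".rar", ".gz", ".tgz", ".tar", ".bz2")
TNEF_CONTENT_TYPES = {"application/ms-tnef", "application/vnd.ms-tnef"}
TNEF_FILENAME = "winmail.dat"  # Outlook's TNEF container filename


def suspicious_attachments(raw: bytes) -> list[dict]:
    """Return one record per attachment that is an archive or a TNEF container.

    A hit means only that the message carries the delivery vector the
    advisory describes; it says nothing about whether the payload is malicious.
    """
    msg = email.message_from_bytes(raw, policy=policy.default)
    hits = []
    for part in msg.walk():
        if part.is_multipart():
            continue  # container node, not a leaf part
        ctype = part.get_content_type()  # normalised to lower case
        fname = (part.get_filename() or "").lower()
        is_tnef = ctype in TNEF_CONTENT_TYPES or fname == TNEF_FILENAME
        # Check the filename too: mailers often ship archives as octet-stream.
        is_archive = ctype in ARCHIVE_CONTENT_TYPES or fname.endswith(ARCHIVE_SUFFIXES)
        if is_tnef or is_archive:
            payload = part.get_payload(decode=True) or b""
            hits.append({
                "filename": part.get_filename() or "",
                "content_type": ctype,
                "kind": "tnef" if is_tnef else "archive",
                "size": len(payload),
            })
    return hits


def triage(messages: dict[str, bytes]) -> dict[str, list[dict]]:
    """Run suspicious_attachments over a batch; keep only messages with hits."""
    result = {}
    for name, raw in messages.items():
        hits = suspicious_attachments(raw)
        if hits:
            result[name] = hits
    return result


def scan_mbox(path: str) -> dict[str, list[dict]]:
    """Same triage over an mbox file (e.g. an exported quarantine), keyed by Message-ID."""
    box = mailbox.mbox(path)
    return triage({m.get("Message-ID", f"<no-id-{i}>"): m.as_bytes()
                   for i, m in enumerate(box)})


def _sample(subject: str, attachments: list[tuple[str, str, str, bytes]]) -> bytes:
    """Build a constructed test message; attachments are (filename, maintype, subtype, bytes)."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.org"
    msg["Subject"] = subject
    msg.set_content("Please see the attached file.")
    for fname, maintype, subtype, data in attachments:
        msg.add_attachment(data, maintype=maintype, subtype=subtype, filename=fname)
    return msg.as_bytes()


# Constructed samples: the payload bytes are placeholder magic numbers, not real archives.
SAMPLES = {
    "zip": _sample("Q3 report", [("report.zip", "application", "zip", b"PK\x03\x04" + b"\x00" * 16)]),
    "tnef": _sample("Meeting notes", [("winmail.dat", "application", "ms-tnef", b"\x78\x9f\x3e\x22" + b"\x00" * 16)]),
    "octet_7z": _sample("Invoice", [("invoice.7z", "application", "octet-stream", b"7z\xbc\xaf\x27\x1c" + b"\x00" * 16)]),
    "clean": _sample("Hello", [("notes.pdf", "application", "pdf", b"%PDF-1.4\n")]),
}

if __name__ == "__main__":
    for name, hits in triage(SAMPLES).items():
        print(name, hits)
```

Feed `scan_mbox` an exported quarantine or a copy of the MTA's archive to get a shortlist keyed by Message-ID; the "size" field is there because a sanitization bypass does not need a large archive, so do not filter small attachments out.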
Remediation
Appliances running versions 5.0, 5.1, 5.2, 5.4 and 5.5 have been upgraded automatically to the patched release of their branch. On-premise customers still on 4.x, which is no longer supported, received no automatic fix and must upgrade manually to 5.x. In either case, confirm on the appliance that the running version is at or above the fixed release (5.5.7 on the 5.5 branch) rather than assuming the automatic upgrade completed, and, because the flaw is being exploited in the wild, review mail and system logs from before the upgrade for signs of abuse.
