Affected versions of lettre allowed argument injection
to the sendmail command. It was possible, using forged
to pass arbitrary arguments to the sendmail executable.
Depending on the implementation (original sendmail, postfix, exim, etc.)
it could be possible in some cases to write email data into arbitrary files (using sendmail’s
The flaw is corrected by modifying the executed command to stop parsing arguments
before passing the destination addresses.
NOTE: This vulnerability only affects the
sendmail transport. Others, including
smtp, are not
This vulnerability was reported by vin01.
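
The fix described above (ending option parsing before the destination addresses are passed) can be illustrated as follows. This is an added example, not lettre's own code: the function names, the simplified option-parser model, and the sample addresses are constructed for illustration.

```rust
use std::ffi::OsString;

/// Vulnerable shape: recipients are appended directly after the fixed options.
fn args_without_terminator(from: &str, to: &[&str]) -> Vec<OsString> {
    let mut v: Vec<OsString> = vec!["-i".into(), "-f".into(), from.into()];
    v.extend(to.iter().map(|a| OsString::from(*a)));
    v
}

/// Corrected shape: "--" ends option parsing before any recipient is passed.
fn args_with_terminator(from: &str, to: &[&str]) -> Vec<OsString> {
    let mut v: Vec<OsString> = vec!["-i".into(), "-f".into(), from.into(), "--".into()];
    v.extend(to.iter().map(|a| OsString::from(*a)));
    v
}

/// Simplified model of a permuting, getopt-style parser: returns the argv
/// entries it would interpret as options. Scanning stops at "--".
fn parsed_as_options(argv: &[OsString]) -> Vec<String> {
    let mut out = Vec::new();
    let mut i = 0;
    while i < argv.len() {
        let a = argv[i].to_string_lossy().into_owned();
        if a == "--" {
            break; // everything after this is an operand, never an option
        }
        if a.starts_with('-') && a.len() > 1 {
            if a == "-f" {
                i += 1; // -f consumes the next element as its value
            }
            out.push(a);
        }
        i += 1;
    }
    out
}

fn main() {
    // Constructed input: one recipient string begins with '-'.
    let to = ["-flag@example.com", "bob@example.com"];
    let before = args_without_terminator("alice@example.com", &to);
    let after = args_with_terminator("alice@example.com", &to);
    println!("without \"--\": options seen = {:?}", parsed_as_options(&before));
    println!("with \"--\":    options seen = {:?}", parsed_as_options(&after));
}
```

Either argument vector would be handed to `std::process::Command::args`, which passes each element to the child process unchanged, so the only defence at this layer is the position of `--`.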