Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2003-0990

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2003-0990
Last Modified 05 Sep 2008 04:35:44
Published 20 Jan 2004 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2003-0990

Summary

The parseAddress code in (1) SquirrelMail 1.4.0 and (2) GPG Plugin 1.1 allows remote attackers to execute commands via shell metacharacters in the "To:" field.

Vulnerable Systems


References

BUGTRAQ - 20031224 Bugtraq Security Systems ADV-0001

XF - squirrelmail-parseaddress-command-execution(14079)

BID - 9296

BUGTRAQ - 20031226 Re: Reported Command Injection in Squirrelmail GPG

MISC - http://www.bugtraq.org/advisories/_BSSADV-0001.txt


Last Updated: 27 May 2016 10:38:08