Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 6.8
CVE Id: CVE-2009-1579
Last Modified: 21 Aug 2010 01:32:18
Published: 14 May 2009 01:30:00
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE

CVE-2009-1579

Summary

The map_yp_alias function in functions/imap_general.php in SquirrelMail before 1.4.18 and NaSMail before 1.7 allows remote attackers to execute arbitrary commands via shell metacharacters in a username string that is used by the ypmatch program.

Vulnerable Systems

Application

  • Squirrelmail

  • Squirrelmail 0.1

  • Squirrelmail 0.1.1

  • Squirrelmail 0.1.2

  • Squirrelmail 0.2

  • Squirrelmail 0.2.1

  • Squirrelmail 0.3

  • Squirrelmail 0.3.1

  • Squirrelmail 0.3pre1

  • Squirrelmail 0.3pre2

  • Squirrelmail 0.4

  • Squirrelmail 0.4pre1

  • Squirrelmail 0.4pre2

  • Squirrelmail 0.5

  • Squirrelmail 0.5pre1

  • Squirrelmail 0.5pre2

  • Squirrelmail 1.0

  • Squirrelmail 1.0.1

  • Squirrelmail 1.0.2

  • Squirrelmail 1.0.3

  • Squirrelmail 1.0.4

  • Squirrelmail 1.0.5

  • Squirrelmail 1.0.6

  • Squirrelmail 1.0pre1

  • Squirrelmail 1.0pre2

  • Squirrelmail 1.0pre3

  • Squirrelmail 1.1.0

  • Squirrelmail 1.1.1

  • Squirrelmail 1.1.2

  • Squirrelmail 1.1.3

  • Squirrelmail 1.2

  • Squirrelmail 1.2.0

  • Squirrelmail 1.2.0 Rc3

  • Squirrelmail 1.2.1

  • Squirrelmail 1.2.10

  • Squirrelmail 1.2.11

  • Squirrelmail 1.2.2

  • Squirrelmail 1.2.3

  • Squirrelmail 1.2.4

  • Squirrelmail 1.2.5

  • Squirrelmail 1.2.6

  • Squirrelmail 1.2.7

  • Squirrelmail 1.2.8

  • Squirrelmail 1.2.9

  • Squirrelmail 1.3.0

  • Squirrelmail 1.3.1

  • Squirrelmail 1.3.2

  • Squirrelmail 1.4

  • Squirrelmail 1.4.0

  • Squirrelmail 1.4.0 Rc1

  • Squirrelmail 1.4.0 Rc2a

  • Squirrelmail 1.4.1

  • Squirrelmail 1.4.10

  • Squirrelmail 1.4.10a

  • Squirrelmail 1.4.11

  • Squirrelmail 1.4.12

  • Squirrelmail 1.4.15

  • Squirrelmail 1.4.15 Rc1

  • Squirrelmail 1.4.16

  • Squirrelmail 1.4.17


References

FEDORA - FEDORA-2009-4880

FEDORA - FEDORA-2009-4870

VUPEN - ADV-2009-1296

CONFIRM - http://www.squirrelmail.org/security/issue/2009-05-10

BID - 34916

MANDRIVA - MDVSA-2009:110

CONFIRM - http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail?view=rev&revision=13674

CONFIRM - http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/functions/imap_general.php?r1=13674&r2=13673&pathrev=13674

CONFIRM - http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/doc/ChangeLog

FEDORA - FEDORA-2009-4875

CONFIRM - https://gna.org/forum/forum.php?forum_id=2146

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=500360

XF - squirrelmail-mapypalias-code-execution(50461)

VUPEN - ADV-2010-1481

VUPEN - ADV-2009-3315

REDHAT - RHSA-2009:1066

DEBIAN - DSA-1802

CONFIRM - http://support.apple.com/kb/HT4188

SECUNIA - 40220

SECUNIA - 37415

SECUNIA - 35259

SECUNIA - 35140

SECUNIA - 35073

SECUNIA - 35052

APPLE - APPLE-SA-2010-06-15-1

CONFIRM - http://download.gna.org/nasmail/nasmail-1.7.zip

Related Patches

Apple 2010-06-15 Mac OS X 10.6.4 Update Mac mini (Mid 2010)

Apple 2010-06-15 Mac OS X Server 10.6.4 Update Mac mini (Mid 2010)

Red Hat 2009:1066-01 RHSA Important: squirrelmail security update for RHEL 5 x86


Last Updated: 27 May 2016 10:50:36