History: May 22, 2009 - 8:30 p.m.

CVE-2009-1381

2009-05-22 20:30:00
redhat
web.nvd.nist.gov
Tags: squirrelmail, map_yp_alias, remote attackers, arbitrary commands, cve-2009-1381, nvd, debian gnu/linux, shell metacharacters

CVSS2: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

AI Score: 7.5 (Confidence: Low)

EPSS: 0.043 (Percentile: 92.3%)

The map_yp_alias function in functions/imap_general.php in SquirrelMail before 1.4.19-1 on Debian GNU/Linux, and possibly other operating systems and versions, allows remote attackers to execute arbitrary commands via shell metacharacters in a username string that is used by the ypmatch program. NOTE: this issue exists because of an incomplete fix for CVE-2009-1579.

Affected configurations

Nvd
Node
squirrelmail imap_general.php Match 1.2.2
OR
squirrelmail squirrelmail Match 1.2.5
OR
squirrelmail squirrelmail Match 1.2.6
OR
squirrelmail squirrelmail Match 1.2.6-rc1
OR
squirrelmail squirrelmail Match 1.2.7
OR
squirrelmail squirrelmail Match 1.2.8
OR
squirrelmail squirrelmail Match 1.2.9
OR
squirrelmail squirrelmail Match 1.2.10
OR
squirrelmail squirrelmail Match 1.2.11
OR
squirrelmail squirrelmail Match 1.4.0
OR
squirrelmail squirrelmail Match 1.4.0-r1
OR
squirrelmail squirrelmail Match 1.4.1
OR
squirrelmail squirrelmail Match 1.4.2
OR
squirrelmail squirrelmail Match 1.4.2-r1
OR
squirrelmail squirrelmail Match 1.4.2-r2
OR
squirrelmail squirrelmail Match 1.4.2-r3
OR
squirrelmail squirrelmail Match 1.4.2-r4
OR
squirrelmail squirrelmail Match 1.4.2-r5
OR
squirrelmail squirrelmail Match 1.4.3_rc1
OR
squirrelmail squirrelmail Match 1.4.3_rc1r1
OR
squirrelmail squirrelmail 1.4.19-1

| Vendor | Product | Version | CPE |
| squirrelmail | imap_general.php | 1.2.2 | cpe:2.3:a:squirrelmail:imap_general.php:1.2.2:*:*:*:*:*:*:* |
| squirrelmail | squirrelmail | 1.2.5 | cpe:2.3:a:squirrelmail:squirrelmail:1.2.5:*:*:*:*:*:*:* |
| squirrelmail | squirrelmail | 1.2.6 | cpe:2.3:a:squirrelmail:squirrelmail:1.2.6:*:*:*:*:*:*:* |
| squirrelmail | squirrelmail | 1.2.6-rc1 | cpe:2.3:a:squirrelmail:squirrelmail:1.2.6-rc1:*:*:*:*:*:*:* |
| squirrelmail | squirrelmail | 1.2.7 | cpe:2.3:a:squirrelmail:squirrelmail:1.2.7:*:*:*:*:*:*:* |
| squirrelmail | squirrelmail | 1.2.8 | cpe:2.3:a:squirrelmail:squirrelmail:1.2.8:*:*:*:*:*:*:* |
| squirrelmail | squirrelmail | 1.2.9 | cpe:2.3:a:squirrelmail:squirrelmail:1.2.9:*:*:*:*:*:*:* |
| squirrelmail | squirrelmail | 1.2.10 | cpe:2.3:a:squirrelmail:squirrelmail:1.2.10:*:*:*:*:*:*:* |
| squirrelmail | squirrelmail | 1.2.11 | cpe:2.3:a:squirrelmail:squirrelmail:1.2.11:*:*:*:*:*:*:* |
| squirrelmail | squirrelmail | 1.4.0 | cpe:2.3:a:squirrelmail:squirrelmail:1.4.0:*:*:*:*:*:*:* |
