Lucene search

K

Veracode Vulnerability DatabaseVERACODE:23882

HistoryApr 10, 2020 - 12:39 a.m.

Arbitrary Code Execution

2020-04-1000:39:09

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

15

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

squirrelmail is vulnerable to arbitrary code execution. The vulnerability exists as a server-side code injection flaw was found in the SquirrelMail “map_yp_alias” function. If SquirrelMail was configured to retrieve a user’s IMAP server address from a Network Information Service (NIS) server via the “map_yp_alias” function, an unauthenticated, remote attacker using a specially-crafted username could use this flaw to execute arbitrary code with the privileges of the web server.

CPENameOperatorVersion
squirrelmaileq1.4.8__4.el5
squirrelmaileq1.4.8__4.el3
squirrelmaileq1.4.6__7.el4
squirrelmaileq1.4.6__5.el3
squirrelmaileq1.4.8__8.el3
squirrelmaileq1.4.8__4.el4
squirrelmaileq1.4.8__9.el3
squirrelmaileq1.4.8__6.el3
squirrelmaileq1.4.8__2.el3
squirrelmaileq1.4.6__7.el3

Rows per page:

1-10 of 281

References

download.gna.org/nasmail/nasmail-1.7.zip

lists.apple.com/archives/security-announce/2010//Jun/msg00001.html

secunia.com/advisories/35052

secunia.com/advisories/35073

secunia.com/advisories/35140

secunia.com/advisories/35259

secunia.com/advisories/37415

secunia.com/advisories/40220

squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/doc/ChangeLog

squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/functions/imap_general.php?r1=13674&r2=13673&pathrev=13674

squirrelmail.svn.sourceforge.net/viewvc/squirrelmail?view=rev&revision=13674

support.apple.com/kb/HT4188

www.debian.org/security/2009/dsa-1802

www.mandriva.com/security/advisories?name=MDVSA-2009:110

www.redhat.com/security/updates/classification/#important

www.redhat.com/support/errata/RHSA-2009-1066.html

www.securityfocus.com/bid/34916

www.squirrelmail.org/security/issue/2009-05-08

www.squirrelmail.org/security/issue/2009-05-10

www.squirrelmail.org/security/issue/2009-05-12

www.vupen.com/english/advisories/2009/1296

www.vupen.com/english/advisories/2009/3315

www.vupen.com/english/advisories/2010/1481

access.redhat.com/errata/RHSA-2009:1066

bugzilla.redhat.com/show_bug.cgi?id=500360

exchange.xforce.ibmcloud.com/vulnerabilities/50461

gna.org/forum/forum.php?forum_id=2146

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10986

www.redhat.com/archives/fedora-package-announce/2009-May/msg00566.html

www.redhat.com/archives/fedora-package-announce/2009-May/msg00572.html

www.redhat.com/archives/fedora-package-announce/2009-May/msg00577.html

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

Related for VERACODE:23882

prion2 nessus15 cve2 ubuntucve2 openvas34 oraclelinux1 redhat1 centos1 fedora6 debian2 securityvulns2 gentoo1 osv2