The map_yp_alias function in functions/imap_general.php in SquirrelMail prior to 1.4.19-1 on Debian GNU/Linux, and possibly other operating systems and versions, allows remote malicious users to execute arbitrary commands via shell metacharacters in a username string that is used by the ypmatch program. NOTE: this issue exists because of an incomplete fix for CVE-2009-1579.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
squirrelmail squirrelmail 1.4.0-r1 |
||
squirrelmail squirrelmail 1.2.7 |
||
squirrelmail squirrelmail 1.2.6-rc1 |
||
squirrelmail squirrelmail 1.2.9 |
||
squirrelmail squirrelmail 1.4.1 |
||
squirrelmail squirrelmail 1.4.0 |
||
squirrelmail squirrelmail 1.2.6 |
||
squirrelmail imap general.php 1.2.2 |
||
squirrelmail squirrelmail 1.2.10 |
||
squirrelmail squirrelmail 1.2.5 |
||
squirrelmail squirrelmail 1.2.8 |
||
squirrelmail squirrelmail 1.2.11 |