Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
6.8
CVSSv2

CVE-2009-1579

Published: 14/05/2009 Updated: 29/09/2017
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
VMScore: 605
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Subscribe to Squirrelmail

Vulnerability Summary

The map_yp_alias function in functions/imap_general.php in SquirrelMail prior to 1.4.18 and NaSMail prior to 1.7 allows remote malicious users to execute arbitrary commands via shell metacharacters in a username string that is used by the ypmatch program.

Vulnerable Product Search on Vulmon Subscribe to Product

squirrelmail squirrelmail 1.4.0_rc2a

squirrelmail squirrelmail 1.4.0

squirrelmail squirrelmail 1.3.0

squirrelmail squirrelmail 1.3.2

squirrelmail squirrelmail 1.2.11

squirrelmail squirrelmail 1.2.2

squirrelmail squirrelmail 1.0.5

squirrelmail squirrelmail 1.0pre2

squirrelmail squirrelmail 1.0.1

squirrelmail squirrelmail 1.0.2

squirrelmail squirrelmail 0.1

squirrelmail squirrelmail 0.2.1

squirrelmail squirrelmail 0.2

squirrelmail squirrelmail 1.4.10

squirrelmail squirrelmail 1.4.1

squirrelmail squirrelmail 1.2.8

squirrelmail squirrelmail 1.2.6

squirrelmail squirrelmail 1.2.3

squirrelmail squirrelmail 1.2.4

squirrelmail squirrelmail 0.1.1

squirrelmail squirrelmail 1.4.16

squirrelmail squirrelmail 1.1.3

squirrelmail squirrelmail 1.0pre1

squirrelmail squirrelmail 1.0

squirrelmail squirrelmail 0.4

squirrelmail squirrelmail 0.4pre1

squirrelmail squirrelmail 0.4pre2

squirrelmail squirrelmail

squirrelmail squirrelmail 0.1.2

squirrelmail squirrelmail 1.4.15_rc1

squirrelmail squirrelmail 1.4.15

squirrelmail squirrelmail 1.2.9

squirrelmail squirrelmail 1.4

squirrelmail squirrelmail 1.3.1

squirrelmail squirrelmail 1.2.0

squirrelmail squirrelmail 1.2.1

squirrelmail squirrelmail 1.2.0_rc3

squirrelmail squirrelmail 1.2.10

squirrelmail squirrelmail 1.0.4

squirrelmail squirrelmail 1.0pre3

squirrelmail squirrelmail 1.0.3

squirrelmail squirrelmail 0.5pre1

squirrelmail squirrelmail 0.3.1

squirrelmail squirrelmail 0.3

squirrelmail squirrelmail 1.4.12

squirrelmail squirrelmail 1.4.11

squirrelmail squirrelmail 1.4.10a

squirrelmail squirrelmail 1.2.7

squirrelmail squirrelmail 1.4.0_rc1

squirrelmail squirrelmail 1.2

squirrelmail squirrelmail 1.2.5

squirrelmail squirrelmail 1.1.1

squirrelmail squirrelmail 1.1.2

squirrelmail squirrelmail 1.0.6

squirrelmail squirrelmail 1.1.0

squirrelmail squirrelmail 0.5pre2

squirrelmail squirrelmail 0.5

squirrelmail squirrelmail 0.3pre2

squirrelmail squirrelmail 0.3pre1

Vendor Advisories

Red Hat: Important: squirrelmail security update
Synopsis Important: squirrelmail security update Type/Severity Security Advisory: Important Topic An updated squirrelmail package that fixes multiple security issues is nowavailable for Red Hat Enterprise Linux 3, 4, and 5This update has been rated as having important security impact by the RedHat Security ...
Debian CVElist Bug Report Logs: [squirrelmail] Please bring latest security-fix release 1.4.18
Debian Bug report logs - #528528 [squirrelmail] Please bring latest security-fix release 1418 Package: squirrelmail; Maintainer for squirrelmail is Jeroen van Wolffelaar <jeroen@wolffelaarnl>; Source for squirrelmail is src:squirrelmail (PTS, buildd, popcon) Reported by: Philippe Teuwen <phil@teuwenorg> Date: Wed ...
Debian Security Advisories: DSA-1802-2 squirrelmail -- several vulnerabilities
Several remote vulnerabilities have been discovered in SquirrelMail, a webmail application The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-1578 Cross site scripting was possible through a number of pages which allowed an attacker to steal sensitive session data CVE-2009-1579, CVE-2009-1381 ...

References

CWE-94http://secunia.com/advisories/35052http://www.mandriva.com/security/advisories?name=MDVSA-2009:110http://www.securityfocus.com/bid/34916http://secunia.com/advisories/35073http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/doc/ChangeLoghttp://www.vupen.com/english/advisories/2009/1296https://www.redhat.com/archives/fedora-package-announce/2009-May/msg00566.htmlhttp://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/functions/imap_general.php?r1=13674&r2=13673&pathrev=13674http://www.squirrelmail.org/security/issue/2009-05-10https://bugzilla.redhat.com/show_bug.cgi?id=500360http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail?view=rev&revision=13674https://www.redhat.com/archives/fedora-package-announce/2009-May/msg00577.htmlhttp://www.debian.org/security/2009/dsa-1802http://secunia.com/advisories/35140http://www.redhat.com/support/errata/RHSA-2009-1066.htmlhttps://www.redhat.com/archives/fedora-package-announce/2009-May/msg00572.htmlhttp://secunia.com/advisories/37415https://gna.org/forum/forum.php?forum_id=2146http://download.gna.org/nasmail/nasmail-1.7.ziphttp://www.vupen.com/english/advisories/2009/3315http://secunia.com/advisories/35259http://secunia.com/advisories/40220http://www.vupen.com/english/advisories/2010/1481http://support.apple.com/kb/HT4188http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.htmlhttps://exchange.xforce.ibmcloud.com/vulnerabilities/50461https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10986https://access.redhat.com/errata/RHSA-2009:1066https://nvd.nist.govhttps://www.debian.org/security/./dsa-1802
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
deserializationCVE-2024-4040cross-site scriptingCVE-2023-25790CVE-2024-2961XML external entityCVE-2024-26926CVE-2024-32806CVE-2024-32711
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook