6.8

CVE-2009-1381

Exploit
The map_yp_alias function in functions/imap_general.php in SquirrelMail before 1.4.19-1 on Debian GNU/Linux, and possibly other operating systems and versions, allows remote attackers to execute arbitrary commands via shell metacharacters in a username string that is used by the ypmatch program.  NOTE: this issue exists because of an incomplete fix for CVE-2009-1579.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
SquirrelmailImap General.Php Version1.2.2
   SquirrelmailImap General.Php Version1.2.2
   SquirrelmailImap General.Php Version1.2.2
   SquirrelmailImap General.Php Version1.2.2
   SquirrelmailImap General.Php Version1.2.2
   SquirrelmailImap General.Php Version1.2.2
   SquirrelmailImap General.Php Version1.2.2
   SquirrelmailImap General.Php Version1.2.2
   SquirrelmailImap General.Php Version1.2.2
   SquirrelmailImap General.Php Version1.2.2
SquirrelmailSquirrelmail Version1.2.5
   SquirrelmailSquirrelmail Version1.2.5
   SquirrelmailSquirrelmail Version1.2.5
   SquirrelmailSquirrelmail Version1.2.5
   SquirrelmailSquirrelmail Version1.2.5
   SquirrelmailSquirrelmail Version1.2.5
   SquirrelmailSquirrelmail Version1.2.5
   SquirrelmailSquirrelmail Version1.2.5
   SquirrelmailSquirrelmail Version1.2.5
   SquirrelmailSquirrelmail Version1.2.5
SquirrelmailSquirrelmail Version1.2.6
   SquirrelmailSquirrelmail Version1.2.6
   SquirrelmailSquirrelmail Version1.2.6
   SquirrelmailSquirrelmail Version1.2.6
   SquirrelmailSquirrelmail Version1.2.6
   SquirrelmailSquirrelmail Version1.2.6
   SquirrelmailSquirrelmail Version1.2.6
   SquirrelmailSquirrelmail Version1.2.6
   SquirrelmailSquirrelmail Version1.2.6
   SquirrelmailSquirrelmail Version1.2.6
SquirrelmailSquirrelmail Version1.2.6-rc1
   SquirrelmailSquirrelmail Version1.2.6-rc1
   SquirrelmailSquirrelmail Version1.2.6-rc1
   SquirrelmailSquirrelmail Version1.2.6-rc1
   SquirrelmailSquirrelmail Version1.2.6-rc1
   SquirrelmailSquirrelmail Version1.2.6-rc1
   SquirrelmailSquirrelmail Version1.2.6-rc1
   SquirrelmailSquirrelmail Version1.2.6-rc1
   SquirrelmailSquirrelmail Version1.2.6-rc1
   SquirrelmailSquirrelmail Version1.2.6-rc1
SquirrelmailSquirrelmail Version1.2.7
   SquirrelmailSquirrelmail Version1.2.7
   SquirrelmailSquirrelmail Version1.2.7
   SquirrelmailSquirrelmail Version1.2.7
   SquirrelmailSquirrelmail Version1.2.7
   SquirrelmailSquirrelmail Version1.2.7
   SquirrelmailSquirrelmail Version1.2.7
   SquirrelmailSquirrelmail Version1.2.7
   SquirrelmailSquirrelmail Version1.2.7
   SquirrelmailSquirrelmail Version1.2.7
SquirrelmailSquirrelmail Version1.2.8
   SquirrelmailSquirrelmail Version1.2.8
   SquirrelmailSquirrelmail Version1.2.8
   SquirrelmailSquirrelmail Version1.2.8
   SquirrelmailSquirrelmail Version1.2.8
   SquirrelmailSquirrelmail Version1.2.8
   SquirrelmailSquirrelmail Version1.2.8
   SquirrelmailSquirrelmail Version1.2.8
   SquirrelmailSquirrelmail Version1.2.8
   SquirrelmailSquirrelmail Version1.2.8
SquirrelmailSquirrelmail Version1.2.9
   SquirrelmailSquirrelmail Version1.2.9
   SquirrelmailSquirrelmail Version1.2.9
   SquirrelmailSquirrelmail Version1.2.9
   SquirrelmailSquirrelmail Version1.2.9
   SquirrelmailSquirrelmail Version1.2.9
   SquirrelmailSquirrelmail Version1.2.9
   SquirrelmailSquirrelmail Version1.2.9
   SquirrelmailSquirrelmail Version1.2.9
   SquirrelmailSquirrelmail Version1.2.9
SquirrelmailSquirrelmail Version1.2.10
   SquirrelmailSquirrelmail Version1.2.10
   SquirrelmailSquirrelmail Version1.2.10
   SquirrelmailSquirrelmail Version1.2.10
   SquirrelmailSquirrelmail Version1.2.10
   SquirrelmailSquirrelmail Version1.2.10
   SquirrelmailSquirrelmail Version1.2.10
   SquirrelmailSquirrelmail Version1.2.10
   SquirrelmailSquirrelmail Version1.2.10
   SquirrelmailSquirrelmail Version1.2.10
SquirrelmailSquirrelmail Version1.2.11
   SquirrelmailSquirrelmail Version1.2.11
   SquirrelmailSquirrelmail Version1.2.11
   SquirrelmailSquirrelmail Version1.2.11
   SquirrelmailSquirrelmail Version1.2.11
   SquirrelmailSquirrelmail Version1.2.11
   SquirrelmailSquirrelmail Version1.2.11
   SquirrelmailSquirrelmail Version1.2.11
   SquirrelmailSquirrelmail Version1.2.11
   SquirrelmailSquirrelmail Version1.2.11
SquirrelmailSquirrelmail Version1.4.0
   SquirrelmailSquirrelmail Version1.4.0
   SquirrelmailSquirrelmail Version1.4.0
   SquirrelmailSquirrelmail Version1.4.0
   SquirrelmailSquirrelmail Version1.4.0
   SquirrelmailSquirrelmail Version1.4.0
   SquirrelmailSquirrelmail Version1.4.0
   SquirrelmailSquirrelmail Version1.4.0
   SquirrelmailSquirrelmail Version1.4.0
   SquirrelmailSquirrelmail Version1.4.0
SquirrelmailSquirrelmail Version1.4.0-r1
   SquirrelmailSquirrelmail Version1.4.0-r1
   SquirrelmailSquirrelmail Version1.4.0-r1
   SquirrelmailSquirrelmail Version1.4.0-r1
   SquirrelmailSquirrelmail Version1.4.0-r1
   SquirrelmailSquirrelmail Version1.4.0-r1
   SquirrelmailSquirrelmail Version1.4.0-r1
   SquirrelmailSquirrelmail Version1.4.0-r1
   SquirrelmailSquirrelmail Version1.4.0-r1
   SquirrelmailSquirrelmail Version1.4.0-r1
SquirrelmailSquirrelmail Version1.4.1
   SquirrelmailSquirrelmail Version1.4.1
   SquirrelmailSquirrelmail Version1.4.1
   SquirrelmailSquirrelmail Version1.4.1
   SquirrelmailSquirrelmail Version1.4.1
   SquirrelmailSquirrelmail Version1.4.1
   SquirrelmailSquirrelmail Version1.4.1
   SquirrelmailSquirrelmail Version1.4.1
   SquirrelmailSquirrelmail Version1.4.1
   SquirrelmailSquirrelmail Version1.4.1
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.94% 0.853
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.8 8.6 6.4
AV:N/AC:M/Au:N/C:P/I:P/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://secunia.com/advisories/35140
Vendor Advisory
http://www.debian.org/security/2009/dsa-1802
Vendor Advisory
http://release.debian.org/proposed-updates/stable_diffs/squirrelmail_1.4.15-4+lenny2.debdiff
Vendor Advisory
Exploit
http://www.mandriva.com/security/advisories?name=MDVSA-2009:122
http://www.securityfocus.com/archive/1/503718/100/0/threaded
https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01195.html
https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01202.html