CVE-2009-1381

Exploit

EPSS 0.59%
Veröffentlicht 22.05.2009 20:30:00
Zuletzt bearbeitet 09.04.2025 00:30:58
Quelle secalert@redhat.com
Teams Watchlist Login
Unerledigt Login

The map_yp_alias function in functions/imap_general.php in SquirrelMail before 1.4.19-1 on Debian GNU/Linux, and possibly other operating systems and versions, allows remote attackers to execute arbitrary commands via shell metacharacters in a username string that is used by the ypmatch program.  NOTE: this issue exists because of an incomplete fix for CVE-2009-1579.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 10

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Squirrelmail ≫ Imap General.Php Version1.2.2

   Squirrelmail ≫ Imap General.Php Version1.2.2
   Squirrelmail ≫ Imap General.Php Version1.2.2
   Squirrelmail ≫ Imap General.Php Version1.2.2
   Squirrelmail ≫ Imap General.Php Version1.2.2
   Squirrelmail ≫ Imap General.Php Version1.2.2
   Squirrelmail ≫ Imap General.Php Version1.2.2
   Squirrelmail ≫ Imap General.Php Version1.2.2
   Squirrelmail ≫ Imap General.Php Version1.2.2
   Squirrelmail ≫ Imap General.Php Version1.2.2

Squirrelmail ≫ Squirrelmail Version1.2.5

   Squirrelmail ≫ Squirrelmail Version1.2.5
   Squirrelmail ≫ Squirrelmail Version1.2.5
   Squirrelmail ≫ Squirrelmail Version1.2.5
   Squirrelmail ≫ Squirrelmail Version1.2.5
   Squirrelmail ≫ Squirrelmail Version1.2.5
   Squirrelmail ≫ Squirrelmail Version1.2.5
   Squirrelmail ≫ Squirrelmail Version1.2.5
   Squirrelmail ≫ Squirrelmail Version1.2.5
   Squirrelmail ≫ Squirrelmail Version1.2.5

Squirrelmail ≫ Squirrelmail Version1.2.6

   Squirrelmail ≫ Squirrelmail Version1.2.6
   Squirrelmail ≫ Squirrelmail Version1.2.6
   Squirrelmail ≫ Squirrelmail Version1.2.6
   Squirrelmail ≫ Squirrelmail Version1.2.6
   Squirrelmail ≫ Squirrelmail Version1.2.6
   Squirrelmail ≫ Squirrelmail Version1.2.6
   Squirrelmail ≫ Squirrelmail Version1.2.6
   Squirrelmail ≫ Squirrelmail Version1.2.6
   Squirrelmail ≫ Squirrelmail Version1.2.6

Squirrelmail ≫ Squirrelmail Version1.2.6-rc1

   Squirrelmail ≫ Squirrelmail Version1.2.6-rc1
   Squirrelmail ≫ Squirrelmail Version1.2.6-rc1
   Squirrelmail ≫ Squirrelmail Version1.2.6-rc1
   Squirrelmail ≫ Squirrelmail Version1.2.6-rc1
   Squirrelmail ≫ Squirrelmail Version1.2.6-rc1
   Squirrelmail ≫ Squirrelmail Version1.2.6-rc1
   Squirrelmail ≫ Squirrelmail Version1.2.6-rc1
   Squirrelmail ≫ Squirrelmail Version1.2.6-rc1
   Squirrelmail ≫ Squirrelmail Version1.2.6-rc1

Squirrelmail ≫ Squirrelmail Version1.2.7

   Squirrelmail ≫ Squirrelmail Version1.2.7
   Squirrelmail ≫ Squirrelmail Version1.2.7
   Squirrelmail ≫ Squirrelmail Version1.2.7
   Squirrelmail ≫ Squirrelmail Version1.2.7
   Squirrelmail ≫ Squirrelmail Version1.2.7
   Squirrelmail ≫ Squirrelmail Version1.2.7
   Squirrelmail ≫ Squirrelmail Version1.2.7
   Squirrelmail ≫ Squirrelmail Version1.2.7
   Squirrelmail ≫ Squirrelmail Version1.2.7

Squirrelmail ≫ Squirrelmail Version1.2.8

   Squirrelmail ≫ Squirrelmail Version1.2.8
   Squirrelmail ≫ Squirrelmail Version1.2.8
   Squirrelmail ≫ Squirrelmail Version1.2.8
   Squirrelmail ≫ Squirrelmail Version1.2.8
   Squirrelmail ≫ Squirrelmail Version1.2.8
   Squirrelmail ≫ Squirrelmail Version1.2.8
   Squirrelmail ≫ Squirrelmail Version1.2.8
   Squirrelmail ≫ Squirrelmail Version1.2.8
   Squirrelmail ≫ Squirrelmail Version1.2.8

Squirrelmail ≫ Squirrelmail Version1.2.9

   Squirrelmail ≫ Squirrelmail Version1.2.9
   Squirrelmail ≫ Squirrelmail Version1.2.9
   Squirrelmail ≫ Squirrelmail Version1.2.9
   Squirrelmail ≫ Squirrelmail Version1.2.9
   Squirrelmail ≫ Squirrelmail Version1.2.9
   Squirrelmail ≫ Squirrelmail Version1.2.9
   Squirrelmail ≫ Squirrelmail Version1.2.9
   Squirrelmail ≫ Squirrelmail Version1.2.9
   Squirrelmail ≫ Squirrelmail Version1.2.9

Squirrelmail ≫ Squirrelmail Version1.2.10

   Squirrelmail ≫ Squirrelmail Version1.2.10
   Squirrelmail ≫ Squirrelmail Version1.2.10
   Squirrelmail ≫ Squirrelmail Version1.2.10
   Squirrelmail ≫ Squirrelmail Version1.2.10
   Squirrelmail ≫ Squirrelmail Version1.2.10
   Squirrelmail ≫ Squirrelmail Version1.2.10
   Squirrelmail ≫ Squirrelmail Version1.2.10
   Squirrelmail ≫ Squirrelmail Version1.2.10
   Squirrelmail ≫ Squirrelmail Version1.2.10

Squirrelmail ≫ Squirrelmail Version1.2.11

   Squirrelmail ≫ Squirrelmail Version1.2.11
   Squirrelmail ≫ Squirrelmail Version1.2.11
   Squirrelmail ≫ Squirrelmail Version1.2.11
   Squirrelmail ≫ Squirrelmail Version1.2.11
   Squirrelmail ≫ Squirrelmail Version1.2.11
   Squirrelmail ≫ Squirrelmail Version1.2.11
   Squirrelmail ≫ Squirrelmail Version1.2.11
   Squirrelmail ≫ Squirrelmail Version1.2.11
   Squirrelmail ≫ Squirrelmail Version1.2.11

Squirrelmail ≫ Squirrelmail Version1.4.0

   Squirrelmail ≫ Squirrelmail Version1.4.0
   Squirrelmail ≫ Squirrelmail Version1.4.0
   Squirrelmail ≫ Squirrelmail Version1.4.0
   Squirrelmail ≫ Squirrelmail Version1.4.0
   Squirrelmail ≫ Squirrelmail Version1.4.0
   Squirrelmail ≫ Squirrelmail Version1.4.0
   Squirrelmail ≫ Squirrelmail Version1.4.0
   Squirrelmail ≫ Squirrelmail Version1.4.0
   Squirrelmail ≫ Squirrelmail Version1.4.0

Squirrelmail ≫ Squirrelmail Version1.4.0-r1

   Squirrelmail ≫ Squirrelmail Version1.4.0-r1
   Squirrelmail ≫ Squirrelmail Version1.4.0-r1
   Squirrelmail ≫ Squirrelmail Version1.4.0-r1
   Squirrelmail ≫ Squirrelmail Version1.4.0-r1
   Squirrelmail ≫ Squirrelmail Version1.4.0-r1
   Squirrelmail ≫ Squirrelmail Version1.4.0-r1
   Squirrelmail ≫ Squirrelmail Version1.4.0-r1
   Squirrelmail ≫ Squirrelmail Version1.4.0-r1
   Squirrelmail ≫ Squirrelmail Version1.4.0-r1

Squirrelmail ≫ Squirrelmail Version1.4.1

   Squirrelmail ≫ Squirrelmail Version1.4.1
   Squirrelmail ≫ Squirrelmail Version1.4.1
   Squirrelmail ≫ Squirrelmail Version1.4.1
   Squirrelmail ≫ Squirrelmail Version1.4.1
   Squirrelmail ≫ Squirrelmail Version1.4.1
   Squirrelmail ≫ Squirrelmail Version1.4.1
   Squirrelmail ≫ Squirrelmail Version1.4.1
   Squirrelmail ≫ Squirrelmail Version1.4.1
   Squirrelmail ≫ Squirrelmail Version1.4.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.59%	0.684

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.8	8.6	6.4	AV:N/AC:M/Au:N/C:P/I:P/A:P

http://secunia.com/advisories/35140

Vendor Advisory

http://www.debian.org/security/2009/dsa-1802

Vendor Advisory

http://release.debian.org/proposed-updates/stable_diffs/squirrelmail_1.4.15-4+lenny2.debdiff

Vendor Advisory

Exploit

http://www.mandriva.com/security/advisories?name=MDVSA-2009:122

http://www.securityfocus.com/archive/1/503718/100/0/threaded

https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01195.html

https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01202.html

https://nvd.nist.gov/vuln/detail/CVE-2009-1381

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2009-1381

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2009-1381

EUVD