6.8

CVE-2009-1579

The map_yp_alias function in functions/imap_general.php in SquirrelMail before 1.4.18 and NaSMail before 1.7 allows remote attackers to execute arbitrary commands via shell metacharacters in a username string that is used by the ypmatch program.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
SquirrelmailSquirrelmail Version <= 1.4.17
SquirrelmailSquirrelmail Version0.1
SquirrelmailSquirrelmail Version0.1.1
SquirrelmailSquirrelmail Version0.1.2
SquirrelmailSquirrelmail Version0.2
SquirrelmailSquirrelmail Version0.2.1
SquirrelmailSquirrelmail Version0.3
SquirrelmailSquirrelmail Version0.3.1
SquirrelmailSquirrelmail Version0.3pre1
SquirrelmailSquirrelmail Version0.3pre2
SquirrelmailSquirrelmail Version0.4
SquirrelmailSquirrelmail Version0.4pre1
SquirrelmailSquirrelmail Version0.4pre2
SquirrelmailSquirrelmail Version0.5
SquirrelmailSquirrelmail Version0.5pre1
SquirrelmailSquirrelmail Version0.5pre2
SquirrelmailSquirrelmail Version1.0
SquirrelmailSquirrelmail Version1.0.1
SquirrelmailSquirrelmail Version1.0.2
SquirrelmailSquirrelmail Version1.0.3
SquirrelmailSquirrelmail Version1.0.4
SquirrelmailSquirrelmail Version1.0.5
SquirrelmailSquirrelmail Version1.0.6
SquirrelmailSquirrelmail Version1.0pre1
SquirrelmailSquirrelmail Version1.0pre2
SquirrelmailSquirrelmail Version1.0pre3
SquirrelmailSquirrelmail Version1.1.0
SquirrelmailSquirrelmail Version1.1.1
SquirrelmailSquirrelmail Version1.1.2
SquirrelmailSquirrelmail Version1.1.3
SquirrelmailSquirrelmail Version1.2
SquirrelmailSquirrelmail Version1.2.0
SquirrelmailSquirrelmail Version1.2.0_rc3
SquirrelmailSquirrelmail Version1.2.1
SquirrelmailSquirrelmail Version1.2.2
SquirrelmailSquirrelmail Version1.2.3
SquirrelmailSquirrelmail Version1.2.4
SquirrelmailSquirrelmail Version1.2.5
SquirrelmailSquirrelmail Version1.2.6
SquirrelmailSquirrelmail Version1.2.7
SquirrelmailSquirrelmail Version1.2.8
SquirrelmailSquirrelmail Version1.2.9
SquirrelmailSquirrelmail Version1.2.10
SquirrelmailSquirrelmail Version1.2.11
SquirrelmailSquirrelmail Version1.3.0
SquirrelmailSquirrelmail Version1.3.1
SquirrelmailSquirrelmail Version1.3.2
SquirrelmailSquirrelmail Version1.4
SquirrelmailSquirrelmail Version1.4.0
SquirrelmailSquirrelmail Version1.4.0_rc1
SquirrelmailSquirrelmail Version1.4.0_rc2a
SquirrelmailSquirrelmail Version1.4.1
SquirrelmailSquirrelmail Version1.4.10
SquirrelmailSquirrelmail Version1.4.10a
SquirrelmailSquirrelmail Version1.4.11
SquirrelmailSquirrelmail Version1.4.12
SquirrelmailSquirrelmail Version1.4.15
SquirrelmailSquirrelmail Version1.4.15_rc1
SquirrelmailSquirrelmail Version1.4.16
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 3.4% 0.873
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.8 8.6 6.4
AV:N/AC:M/Au:N/C:P/I:P/A:P
CWE-94 Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

http://download.gna.org/nasmail/nasmail-1.7.zip
http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html
http://secunia.com/advisories/35052
Vendor Advisory
http://secunia.com/advisories/35073
Vendor Advisory
http://secunia.com/advisories/35140
http://secunia.com/advisories/35259
http://secunia.com/advisories/37415
http://secunia.com/advisories/40220
http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/doc/ChangeLog
Patch
http://support.apple.com/kb/HT4188
http://www.debian.org/security/2009/dsa-1802
http://www.mandriva.com/security/advisories?name=MDVSA-2009:110
Patch
http://www.redhat.com/support/errata/RHSA-2009-1066.html
http://www.securityfocus.com/bid/34916
Patch
http://www.vupen.com/english/advisories/2009/1296
Patch
Vendor Advisory
http://www.vupen.com/english/advisories/2009/3315
http://www.vupen.com/english/advisories/2010/1481
https://gna.org/forum/forum.php?forum_id=2146
https://www.redhat.com/archives/fedora-package-announce/2009-May/msg00566.html
Patch
https://www.redhat.com/archives/fedora-package-announce/2009-May/msg00572.html
https://www.redhat.com/archives/fedora-package-announce/2009-May/msg00577.html
Patch
http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/functions/imap_general.php?r1=13674&r2=13673&pathrev=13674
Patch
http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail?view=rev&revision=13674
Patch
http://www.squirrelmail.org/security/issue/2009-05-10
Patch
Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=500360
https://exchange.xforce.ibmcloud.com/vulnerabilities/50461
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10986