QwikSec

Security Database

CVE

CWE

Training

CVE-2009-1381

Published: May 22, 2009

Modified: Aug 7, 2024

PUBLISHED

Description

The map_yp_alias function in functions/imap_general.php in SquirrelMail before 1.4.19-1 on Debian GNU/Linux, and possibly other operating systems and versions, allows remote attackers to execute arbitrary commands via shell metacharacters in a username string that is used by the ypmatch program. NOTE: this issue exists because of an incomplete fix for CVE-2009-1579.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

third-party-advisory

x_refsource_SECUNIA

FEDORA-2009-5350

vendor-advisory

x_refsource_FEDORA

20090521 [SECURITY] [DSA 1802-2] New squirrelmail packages correct incomplete fix

mailing-list

x_refsource_BUGTRAQ

vendor-advisory

x_refsource_MANDRIVA

http://release.debian.org/proposed-updates/stable_diffs/squirrelmail_1.4.15-4+lenny2.debdiff

x_refsource_MISC

FEDORA-2009-5471

vendor-advisory

x_refsource_FEDORA

vendor-advisory

x_refsource_DEBIAN

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.