ID CVE-2009-1579
Summary The map_yp_alias function in functions/imap_general.php in SquirrelMail before 1.4.18 and NaSMail before 1.7 allows remote attackers to execute arbitrary commands via shell metacharacters in a username string that is used by the ypmatch program.
Vulnerable Configurations
  • cpe:2.3:a:squirrelmail:squirrelmail:1.4.15_rc1
  • cpe:2.3:a:squirrelmail:squirrelmail:1.4.15
  • cpe:2.3:a:squirrelmail:squirrelmail:1.4.12
  • cpe:2.3:a:squirrelmail:squirrelmail:1.4.11
  • cpe:2.3:a:squirrelmail:squirrelmail:1.4.10a
  • cpe:2.3:a:squirrelmail:squirrelmail:1.4.10
  • cpe:2.3:a:squirrelmail:squirrelmail:1.4.1
  • cpe:2.3:a:squirrelmail:squirrelmail:1.4.0_rc2a
  • cpe:2.3:a:squirrelmail:squirrelmail:1.4.0
  • cpe:2.3:a:squirrelmail:squirrelmail:1.2.9
  • cpe:2.3:a:squirrelmail:squirrelmail:1.4
  • cpe:2.3:a:squirrelmail:squirrelmail:1.2.7
  • cpe:2.3:a:squirrelmail:squirrelmail:1.4.0_rc1
  • cpe:2.3:a:squirrelmail:squirrelmail:1.2.8
  • cpe:2.3:a:squirrelmail:squirrelmail:1.2.6
  • cpe:2.3:a:squirrelmail:squirrelmail:1.3.0
  • cpe:2.3:a:squirrelmail:squirrelmail:1.3.2
  • cpe:2.3:a:squirrelmail:squirrelmail:1.3.1
  • cpe:2.3:a:squirrelmail:squirrelmail:1.2.0
  • cpe:2.3:a:squirrelmail:squirrelmail:1.2
  • cpe:2.3:a:squirrelmail:squirrelmail:1.2.5
  • cpe:2.3:a:squirrelmail:squirrelmail:1.2.3
  • cpe:2.3:a:squirrelmail:squirrelmail:1.2.4
  • cpe:2.3:a:squirrelmail:squirrelmail:1.2.11
  • cpe:2.3:a:squirrelmail:squirrelmail:1.2.2
  • cpe:2.3:a:squirrelmail:squirrelmail:1.2.1
  • cpe:2.3:a:squirrelmail:squirrelmail:1.2.0_rc3
  • cpe:2.3:a:squirrelmail:squirrelmail:1.2.10
  • cpe:2.3:a:squirrelmail:squirrelmail:1.1.1
  • cpe:2.3:a:squirrelmail:squirrelmail:1.1.2
  • cpe:2.3:a:squirrelmail:squirrelmail:1.1.3
  • cpe:2.3:a:squirrelmail:squirrelmail:1.0pre1
  • cpe:2.3:a:squirrelmail:squirrelmail:1.0.5
  • cpe:2.3:a:squirrelmail:squirrelmail:1.0pre2
  • cpe:2.3:a:squirrelmail:squirrelmail:1.0.4
  • cpe:2.3:a:squirrelmail:squirrelmail:1.0pre3
  • cpe:2.3:a:squirrelmail:squirrelmail:1.0.6
  • cpe:2.3:a:squirrelmail:squirrelmail:1.1.0
  • cpe:2.3:a:squirrelmail:squirrelmail:1.0
  • cpe:2.3:a:squirrelmail:squirrelmail:0.4
  • cpe:2.3:a:squirrelmail:squirrelmail:1.0.1
  • cpe:2.3:a:squirrelmail:squirrelmail:1.0.2
  • cpe:2.3:a:squirrelmail:squirrelmail:1.0.3
  • cpe:2.3:a:squirrelmail:squirrelmail:0.5pre1
  • cpe:2.3:a:squirrelmail:squirrelmail:0.5pre2
  • cpe:2.3:a:squirrelmail:squirrelmail:0.5
  • cpe:2.3:a:squirrelmail:squirrelmail:0.4pre1
  • cpe:2.3:a:squirrelmail:squirrelmail:0.4pre2
  • cpe:2.3:a:squirrelmail:squirrelmail:0.1
  • cpe:2.3:a:squirrelmail:squirrelmail:0.2.1
  • cpe:2.3:a:squirrelmail:squirrelmail:0.2
  • cpe:2.3:a:squirrelmail:squirrelmail:0.3.1
  • cpe:2.3:a:squirrelmail:squirrelmail:0.3
  • cpe:2.3:a:squirrelmail:squirrelmail:0.3pre2
  • cpe:2.3:a:squirrelmail:squirrelmail:0.3pre1
  • SquirrelMail
    cpe:2.3:a:squirrelmail:squirrelmail
  • cpe:2.3:a:squirrelmail:squirrelmail:0.1.2
  • cpe:2.3:a:squirrelmail:squirrelmail:0.1.1
  • cpe:2.3:a:squirrelmail:squirrelmail:1.4.16
  • cpe:2.3:a:squirrelmail:squirrelmail:1.4.17
CVSS
Base: 6.8 (as of 15-05-2009 - 10:31)
Impact:
Exploitability:
CWE CWE-94
CAPEC
  • Leverage Executable Code in Non-Executable Files
    An attack of this type exploits a system's trust in configuration and resource files. When the executable loads the resource (such as an image file or configuration file), the attacker has modified the file to either execute malicious code directly or manipulate the target process (e.g. application server) to execute based on the malicious configuration parameters. Since systems are increasingly interrelated, mashing up resources from local and remote sources, the possibility of this attack occurring is high. The attack can be directed at a client system, such as causing a buffer overrun through loading seemingly benign image files, as in Microsoft Security Bulletin MS04-028, where specially crafted JPEG files could cause a buffer overrun once loaded into the browser. Another example targets clients reading PDF files. In this case the attacker simply appends JavaScript to the end of a legitimate URL for a PDF (http://www.gnucitizen.org/blog/danger-danger-danger/): http://path/to/pdf/file.pdf#whatever_name_you_want=javascript:your_code_here. The client assumes that they are reading a PDF, but the attacker has modified the resource and loaded executable JavaScript into the client's browser process. The attack can also target server processes. The attacker edits the resource or configuration file, for example a web.xml file used to configure security permissions for a J2EE app server; adding the role name "public" grants all users with the public role the ability to use the administration functionality. The server trusts its configuration file to be correct, but when it is manipulated, the attacker gains full control.
  • Manipulating User-Controlled Variables
    This attack targets user-controlled variables (DEBUG=1, PHP globals, and so forth). An attacker can override environment variables by leveraging user-supplied, untrusted query variables that are used directly on the application server without any data sanitization. In extreme cases, the attacker can change variables controlling the business logic of the application. For instance, in languages like PHP, a number of poorly set default configurations may allow the user to override variables.
Access
Vector  Complexity  Authentication
NETWORK  MEDIUM  NONE
Impact
Confidentiality  Integrity  Availability
PARTIAL  PARTIAL  PARTIAL
nessus via4
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_SECUPD2010-004.NASL
    description The remote host is running a version of Mac OS X 10.5 that does not have Security Update 2010-004 applied. This security update contains fixes for the following components: CUPS, DesktopServices, Flash Player plug-in, Folder Manager, iChat, ImageIO, Kerberos, Kernel, libcurl, Network Authorization, Ruby, SMB File Server, SquirrelMail, Wiki Server.
    last seen 2019-02-21
    modified 2018-07-14
    plugin id 47024
    published 2010-06-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=47024
    title Mac OS X Multiple Vulnerabilities (Security Update 2010-004)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-1802.NASL
    description Several remote vulnerabilities have been discovered in SquirrelMail, a webmail application. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-1578: Cross site scripting was possible through a number of pages which allowed an attacker to steal sensitive session data. CVE-2009-1579, CVE-2009-1381: Code injection was possible when SquirrelMail was configured to use the map_yp_alias function to authenticate users. This is not the default. CVE-2009-1580: It was possible to hijack an active user session by planting a specially crafted cookie into the user's browser. CVE-2009-1581: Specially crafted HTML emails could use the CSS positioning feature to place email content over the SquirrelMail user interface, allowing for phishing.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 38859
    published 2009-05-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=38859
    title Debian DSA-1802-2 : squirrelmail - several vulnerabilities
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2009-4880.NASL
    description squirrelmail is now able to work with unsigned 32bit UID values with 32-bit version of php. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2016-12-08
    plugin id 38750
    published 2009-05-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=38750
    title Fedora 10 : squirrelmail-1.4.18-1.fc10 (2009-4880)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201001-08.NASL
    description The remote host is affected by the vulnerability described in GLSA-201001-08 (SquirrelMail: Multiple vulnerabilities). Multiple vulnerabilities were found in SquirrelMail: Niels Teusink reported multiple input sanitation flaws in certain encrypted strings in e-mail headers, related to contrib/decrypt_headers.php, PHP_SELF and the query string (aka QUERY_STRING) (CVE-2009-1578). Niels Teusink also reported that the map_yp_alias() function in functions/imap_general.php does not filter shell metacharacters in a username and that the original patch was incomplete (CVE-2009-1381, CVE-2009-1579). Tomas Hoger discovered an unspecified session fixation vulnerability (CVE-2009-1580). Luc Beurton reported that functions/mime.php does not protect the application's content from Cascading Style Sheets (CSS) positioning in HTML e-mail messages (CVE-2009-1581). Impact: The vulnerabilities allow remote attackers to execute arbitrary code with the privileges of the user running the web server, to hijack web sessions via a crafted cookie, to spoof the user interface and to conduct Cross-Site Scripting and phishing attacks, via a specially crafted message. Workaround: There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-08-10
    plugin id 44897
    published 2010-02-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=44897
    title GLSA-201001-08 : SquirrelMail: Multiple vulnerabilities
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_10_6_4.NASL
    description The remote host is running a version of Mac OS X 10.6.x that is prior to 10.6.4. Mac OS X 10.6.4 contains security fixes for the following components: CUPS, DesktopServices, Flash Player plug-in, Folder Manager, Help Viewer, iChat, ImageIO, Kerberos, Kernel, libcurl, Network Authorization, Open Directory, Printer Setup, Printing, Ruby, SMB File Server, SquirrelMail, Wiki Server.
    last seen 2019-02-21
    modified 2018-07-14
    plugin id 47023
    published 2010-06-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=47023
    title Mac OS X 10.6.x < 10.6.4 Multiple Vulnerabilities
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20090526_SQUIRRELMAIL_ON_SL3_X.NASL
    description A server-side code injection flaw was found in the SquirrelMail 'map_yp_alias' function. If SquirrelMail was configured to retrieve a user's IMAP server address from a Network Information Service (NIS) server via the 'map_yp_alias' function, an unauthenticated, remote attacker using a specially crafted username could use this flaw to execute arbitrary code with the privileges of the web server. (CVE-2009-1579) Multiple cross-site scripting (XSS) flaws were found in SquirrelMail. An attacker could construct a carefully crafted URL, which once visited by an unsuspecting user, could cause the user's web browser to execute malicious script in the context of the visited SquirrelMail web page. (CVE-2009-1578) It was discovered that SquirrelMail did not properly sanitize Cascading Style Sheets (CSS) directives used in HTML mail. A remote attacker could send a specially crafted email that could place mail content above SquirrelMail's controls, possibly allowing phishing and cross-site scripting attacks. (CVE-2009-1581)
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 60590
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=60590
    title Scientific Linux Security Update : squirrelmail on SL3.x, SL4.x, SL5.x i386/x86_64
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2009-1066.NASL
    description An updated squirrelmail package that fixes multiple security issues is now available for Red Hat Enterprise Linux 3, 4, and 5. This update has been rated as having important security impact by the Red Hat Security Response Team. SquirrelMail is a standards-based webmail package written in PHP. A server-side code injection flaw was found in the SquirrelMail 'map_yp_alias' function. If SquirrelMail was configured to retrieve a user's IMAP server address from a Network Information Service (NIS) server via the 'map_yp_alias' function, an unauthenticated, remote attacker using a specially crafted username could use this flaw to execute arbitrary code with the privileges of the web server. (CVE-2009-1579) Multiple cross-site scripting (XSS) flaws were found in SquirrelMail. An attacker could construct a carefully crafted URL, which once visited by an unsuspecting user, could cause the user's web browser to execute malicious script in the context of the visited SquirrelMail web page. (CVE-2009-1578) It was discovered that SquirrelMail did not properly sanitize Cascading Style Sheets (CSS) directives used in HTML mail. A remote attacker could send a specially crafted email that could place mail content above SquirrelMail's controls, possibly allowing phishing and cross-site scripting attacks. (CVE-2009-1581) Users of squirrelmail should upgrade to this updated package, which contains backported patches to correct these issues.
    last seen 2019-02-21
    modified 2018-11-27
    plugin id 38922
    published 2009-05-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=38922
    title RHEL 3 / 4 / 5 : squirrelmail (RHSA-2009:1066)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2009-5350.NASL
    description - Fri May 22 2009 Michal Hlavinka - 1.4.19-1 - updated to 1.4.19 - fixes CVE-2009-1579, CVE-2009-1580, CVE-2009-1581 - Tue May 19 2009 Michal Hlavinka - 1.4.18-2 - fix undefined variable aSpamIds (#501260) - Tue May 12 2009 Michal Hlavinka - 1.4.18-1 - updated to 1.4.18 - Wed Mar 18 2009 Michal Hlavinka - 1.4.17-4 - don't use white text (invisible on white paper) for highlighting in conf.pl (#427217) - Tue Mar 17 2009 Michal Hlavinka - 1.4.17-3 - don't use colors in conf.pl by default (#427217) - Thu Dec 4 2008 Michal Hlavinka - 1.4.17-2 - add missing locales - Thu Dec 4 2008 Michal Hlavinka - 1.4.17-1 - update to 1.4.17 (fixes CVE-2008-2379). Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2015-10-21
    plugin id 38905
    published 2009-05-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=38905
    title Fedora 10 : squirrelmail-1.4.19-1.fc10 (2009-5350)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2009-5471.NASL
    description - Fri May 22 2009 Michal Hlavinka - 1.4.19-1 - updated to 1.4.19 - fixes CVE-2009-1579, CVE-2009-1580, CVE-2009-1581 - Tue May 19 2009 Michal Hlavinka - 1.4.18-2 - fix undefined variable aSpamIds (#501260) - Tue May 12 2009 Michal Hlavinka - 1.4.18-1 - update to 1.4.18 (fixes CVE-2009-1581) - Thu Dec 4 2008 Michal Hlavinka - 1.4.17-1 - update to 1.4.17 (fixes CVE-2008-2379) - Wed Oct 1 2008 Michal Hlavinka - 1.4.16-1 - update to 1.4.16 - resolves: #464185: CVE-2008-3663 Squirrelmail session hijacking. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2015-10-21
    plugin id 38908
    published 2009-05-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=38908
    title Fedora 9 : squirrelmail-1.4.19-1.fc9 (2009-5471)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2009-4875.NASL
    description - Tue May 12 2009 Michal Hlavinka - 1.4.18-1 - updated to 1.4.18. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2016-12-08
    plugin id 38749
    published 2009-05-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=38749
    title Fedora 11 : squirrelmail-1.4.18-1.fc11 (2009-4875)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2009-1066.NASL
    description From Red Hat Security Advisory 2009:1066 : An updated squirrelmail package that fixes multiple security issues is now available for Red Hat Enterprise Linux 3, 4, and 5. This update has been rated as having important security impact by the Red Hat Security Response Team. SquirrelMail is a standards-based webmail package written in PHP. A server-side code injection flaw was found in the SquirrelMail 'map_yp_alias' function. If SquirrelMail was configured to retrieve a user's IMAP server address from a Network Information Service (NIS) server via the 'map_yp_alias' function, an unauthenticated, remote attacker using a specially crafted username could use this flaw to execute arbitrary code with the privileges of the web server. (CVE-2009-1579) Multiple cross-site scripting (XSS) flaws were found in SquirrelMail. An attacker could construct a carefully crafted URL, which once visited by an unsuspecting user, could cause the user's web browser to execute malicious script in the context of the visited SquirrelMail web page. (CVE-2009-1578) It was discovered that SquirrelMail did not properly sanitize Cascading Style Sheets (CSS) directives used in HTML mail. A remote attacker could send a specially crafted email that could place mail content above SquirrelMail's controls, possibly allowing phishing and cross-site scripting attacks. (CVE-2009-1581) Users of squirrelmail should upgrade to this updated package, which contains backported patches to correct these issues.
    last seen 2019-02-21
    modified 2016-12-07
    plugin id 67865
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=67865
    title Oracle Linux 3 / 4 / 5 : squirrelmail (ELSA-2009-1066)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2009-4870.NASL
    description - Tue May 12 2009 Michal Hlavinka - 1.4.18-1 - update to 1.4.18 (fixes CVE-2009-1581) - Thu Dec 4 2008 Michal Hlavinka - 1.4.17-1 - update to 1.4.17 (fixes CVE-2008-2379) - Wed Oct 1 2008 Michal Hlavinka - 1.4.16-1 - update to 1.4.16 - resolves: #464185: CVE-2008-3663 Squirrelmail session hijacking. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2016-12-08
    plugin id 38748
    published 2009-05-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=38748
    title Fedora 9 : squirrelmail-1.4.18-1.fc9 (2009-4870)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2009-1066.NASL
    description An updated squirrelmail package that fixes multiple security issues is now available for Red Hat Enterprise Linux 3, 4, and 5. This update has been rated as having important security impact by the Red Hat Security Response Team. SquirrelMail is a standards-based webmail package written in PHP. A server-side code injection flaw was found in the SquirrelMail 'map_yp_alias' function. If SquirrelMail was configured to retrieve a user's IMAP server address from a Network Information Service (NIS) server via the 'map_yp_alias' function, an unauthenticated, remote attacker using a specially crafted username could use this flaw to execute arbitrary code with the privileges of the web server. (CVE-2009-1579) Multiple cross-site scripting (XSS) flaws were found in SquirrelMail. An attacker could construct a carefully crafted URL, which once visited by an unsuspecting user, could cause the user's web browser to execute malicious script in the context of the visited SquirrelMail web page. (CVE-2009-1578) It was discovered that SquirrelMail did not properly sanitize Cascading Style Sheets (CSS) directives used in HTML mail. A remote attacker could send a specially crafted email that could place mail content above SquirrelMail's controls, possibly allowing phishing and cross-site scripting attacks. (CVE-2009-1581) Users of squirrelmail should upgrade to this updated package, which contains backported patches to correct these issues.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 38930
    published 2009-05-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=38930
    title CentOS 3 / 5 : squirrelmail (CESA-2009:1066)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SQUIRRELMAIL-6242.NASL
    description Multiple vulnerabilities have been fixed in SquirrelMail: an XSS and input sanitization bug (both CVE-2009-1578), a server-side code execution (CVE-2009-1579), a login session hijacking bug (CVE-2009-1580) and another bug that allowed phishing and XSS attacks (CVE-2009-1581).
    last seen 2019-02-21
    modified 2016-12-27
    plugin id 38776
    published 2009-05-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=38776
    title openSUSE 10 Security Update : squirrelmail (squirrelmail-6242)
  • NASL family CGI abuses
    NASL id SQUIRRELMAIL_MAP_YP_ALIAS_CODE_EXEC.NASL
    description The installed version of SquirrelMail fails to properly sanitize input to the '$username' variable in the 'map_yp_alias' function in 'functions/imap_general.php'. An unauthenticated, remote attacker can exploit this to execute arbitrary code subject to the privileges of the affected web-server. Note that there are also reported to be several cross-site scripting vulnerabilities as well as a session fixation vulnerability, though Nessus has not tested for these.
    last seen 2019-02-21
    modified 2018-08-03
    plugin id 38794
    published 2009-05-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=38794
    title SquirrelMail map_yp_alias Username Mapping Alias Arbitrary Code Execution
oval via4
accepted 2013-04-29T04:10:28.592-04:00
class vulnerability
contributors
  • name Aharon Chernin
    organization SCAP.com, LLC
  • name Dragos Prisaca
    organization G2, Inc.
definition_extensions
  • comment The operating system installed on the system is Red Hat Enterprise Linux 3
    oval oval:org.mitre.oval:def:11782
  • comment CentOS Linux 3.x
    oval oval:org.mitre.oval:def:16651
  • comment The operating system installed on the system is Red Hat Enterprise Linux 4
    oval oval:org.mitre.oval:def:11831
  • comment CentOS Linux 4.x
    oval oval:org.mitre.oval:def:16636
  • comment Oracle Linux 4.x
    oval oval:org.mitre.oval:def:15990
  • comment The operating system installed on the system is Red Hat Enterprise Linux 5
    oval oval:org.mitre.oval:def:11414
  • comment The operating system installed on the system is CentOS Linux 5.x
    oval oval:org.mitre.oval:def:15802
  • comment Oracle Linux 5.x
    oval oval:org.mitre.oval:def:15459
description The map_yp_alias function in functions/imap_general.php in SquirrelMail before 1.4.18 and NaSMail before 1.7 allows remote attackers to execute arbitrary commands via shell metacharacters in a username string that is used by the ypmatch program.
family unix
id oval:org.mitre.oval:def:10986
status accepted
submitted 2010-07-09T03:56:16-04:00
title The map_yp_alias function in functions/imap_general.php in SquirrelMail before 1.4.18 and NaSMail before 1.7 allows remote attackers to execute arbitrary commands via shell metacharacters in a username string that is used by the ypmatch program.
version 24
redhat via4
advisories
rhsa
id RHSA-2009:1066
rpms
  • squirrelmail-0:1.4.8-13.el3
  • squirrelmail-0:1.4.8-5.el4_8.5
  • squirrelmail-0:1.4.8-5.el5_3.7
refmap via4
apple APPLE-SA-2010-06-15-1
bid 34916
confirm
debian DSA-1802
fedora
  • FEDORA-2009-4870
  • FEDORA-2009-4875
  • FEDORA-2009-4880
mandriva MDVSA-2009:110
secunia
  • 35052
  • 35073
  • 35140
  • 35259
  • 37415
  • 40220
vupen
  • ADV-2009-1296
  • ADV-2009-3315
  • ADV-2010-1481
xf squirrelmail-mapypalias-code-execution(50461)
Last major update 21-08-2010 - 01:32
Published 14-05-2009 - 13:30
Last modified 28-09-2017 - 21:34