Vulnerabilities > CVE-2003-0990
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN exploit available
metasploit
Summary
The parseAddress code in (1) SquirrelMail 1.4.0 and (2) GPG Plugin 1.1 allows remote attackers to execute commands via shell metacharacters in the "To:" field.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 2 |
Exploit-Db
| description | SquirrelMail PGP Plugin command execution (SMTP). CVE-2003-0990. Remote exploit for linux platform |
| id | EDB-ID:16888 |
| last seen | 2016-02-02 |
| modified | 2010-08-25 |
| published | 2010-08-25 |
| reporter | metasploit |
| source | https://www.exploit-db.com/download/16888/ |
| title | SquirrelMail PGP Plugin command execution SMTP |
Metasploit
| description | This module exploits a command execution vulnerability in the PGP plugin of SquirrelMail. This flaw was found while quickly grepping the code after release of some information at http://www.wslabi.com/. Later, iDefense published an advisory .... Reading an email in SquirrelMail with the PGP plugin activated is enough to compromise the underlying server. Only "cmd/unix/generic" payloads were tested. |
| id | MSF:EXPLOIT/UNIX/WEBAPP/SQUIRRELMAIL_PGP_PLUGIN |
| last seen | 2020-03-10 |
| modified | 2017-07-24 |
| published | 2007-07-14 |
| references | |
| reporter | Rapid7 |
| source | https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/unix/webapp/squirrelmail_pgp_plugin.rb |
| title | SquirrelMail PGP Plugin Command Execution (SMTP) |
Packetstorm
| data source | https://packetstormsecurity.com/files/download/82369/squirrelmail_pgp_plugin.rb.txt |
| id | PACKETSTORM:82369 |
| last seen | 2016-12-05 |
| published | 2009-10-30 |
| reporter | Nicob |
| source | https://packetstormsecurity.com/files/82369/SquirrelMail-PGP-Plugin-Command-Execution.html |
| title | SquirrelMail PGP Plugin Command Execution |