Vulnerabilities > CVE-2009-1381 - Unspecified vulnerability in Squirrelmail Imap General.PHP and Squirrelmail

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
squirrelmail
nessus
NVD
Published: 2009-05-22
Updated: 2023-11-07

Summary

The map_yp_alias function in functions/imap_general.php in SquirrelMail before 1.4.19-1 on Debian GNU/Linux, and possibly other operating systems and versions, allows remote attackers to execute arbitrary commands via shell metacharacters in a username string that is used by the ypmatch program. NOTE: this issue exists because of an incomplete fix for CVE-2009-1579.

Vulnerable Configurations

Part Description Count
Application
Squirrelmail
21

Nessus

  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2009-1066.NASL
    descriptionAn updated squirrelmail package that fixes multiple security issues is now available for Red Hat Enterprise Linux 3, 4, and 5. This update has been rated as having important security impact by the Red Hat Security Response Team. SquirrelMail is a standards-based webmail package written in PHP. A server-side code injection flaw was found in the SquirrelMail
    last seen2020-06-01
    modified2020-06-02
    plugin id38922
    published2009-05-27
    reporterThis script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/38922
    titleRHEL 3 / 4 / 5 : squirrelmail (RHSA-2009:1066)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2009-5471.NASL
    description - Fri May 22 2009 Michal Hlavinka <mhlavink at redhat.com> - 1.4.19-1 - updated to 1.4.19 - fixes CVE-2009-1579, CVE-2009-1580, CVE-2009-1581 - Tue May 19 2009 Michal Hlavinka <mhlavink at redhat.com> - 1.4.18-2 - fix undefined variable aSpamIds (#501260) - Tue May 12 2009 Michal Hlavinka <mhlavink at redhat.com> - 1.4.18-1 - update to 1.4.18 (fixes CVE-2009-1581) - Thu Dec 4 2008 Michal Hlavinka <mhlavink at redhat.com> - 1.4.17-1 - update to 1.4.17 (fixes CVE-2008-2379) - Wed Oct 1 2008 Michal Hlavinka <mhlavink at redhat.com> - 1.4.16-1 - update to 1.4.16 - resolves: #464185: CVE-2008-3663 Squirrelmail session hijacking Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id38908
    published2009-05-26
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/38908
    titleFedora 9 : squirrelmail-1.4.19-1.fc9 (2009-5471)
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201001-08.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201001-08 (SquirrelMail: Multiple vulnerabilities) Multiple vulnerabilities were found in SquirrelMail: Niels Teusink reported multiple input sanitation flaws in certain encrypted strings in e-mail headers, related to contrib/decrypt_headers.php, PHP_SELF and the query string (aka QUERY_STRING) (CVE-2009-1578). Niels Teusink also reported that the map_yp_alias() function in functions/imap_general.php does not filter shell metacharacters in a username and that the original patch was incomplete (CVE-2009-1381, CVE-2009-1579). Tomas Hoger discovered an unspecified session fixation vulnerability (CVE-2009-1580). Luc Beurton reported that functions/mime.php does not protect the application
    last seen2020-06-01
    modified2020-06-02
    plugin id44897
    published2010-02-25
    reporterThis script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/44897
    titleGLSA-201001-08 : SquirrelMail: Multiple vulnerabilities
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2009-5350.NASL
    description - Fri May 22 2009 Michal Hlavinka <mhlavink at redhat.com> - 1.4.19-1 - updated to 1.4.19 - fixes CVE-2009-1579, CVE-2009-1580, CVE-2009-1581 - Tue May 19 2009 Michal Hlavinka <mhlavink at redhat.com> - 1.4.18-2 - fix undefined variable aSpamIds (#501260) - Tue May 12 2009 Michal Hlavinka <mhlavink at redhat.com> - 1.4.18-1 - updated to 1.4.18 - Wed Mar 18 2009 Michal Hlavinka <mhlavink at redhat.com> - 1.4.17-4 - don
    last seen2020-06-01
    modified2020-06-02
    plugin id38905
    published2009-05-26
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/38905
    titleFedora 10 : squirrelmail-1.4.19-1.fc10 (2009-5350)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-1802.NASL
    descriptionSeveral remote vulnerabilities have been discovered in SquirrelMail, a webmail application. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2009-1578 Cross site scripting was possible through a number of pages which allowed an attacker to steal sensitive session data. - CVE-2009-1579, CVE-2009-1381 Code injection was possible when SquirrelMail was configured to use the map_yp_alias function to authenticate users. This is not the default. - CVE-2009-1580 It was possible to hijack an active user session by planting a specially crafted cookie into the user
    last seen2020-06-01
    modified2020-06-02
    plugin id38859
    published2009-05-20
    reporterThis script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/38859
    titleDebian DSA-1802-2 : squirrelmail - several vulnerabilities
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2009-1066.NASL
    descriptionFrom Red Hat Security Advisory 2009:1066 : An updated squirrelmail package that fixes multiple security issues is now available for Red Hat Enterprise Linux 3, 4, and 5. This update has been rated as having important security impact by the Red Hat Security Response Team. SquirrelMail is a standards-based webmail package written in PHP. A server-side code injection flaw was found in the SquirrelMail
    last seen2020-06-01
    modified2020-06-02
    plugin id67865
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/67865
    titleOracle Linux 3 / 4 / 5 : squirrelmail (ELSA-2009-1066)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2009-1066.NASL
    descriptionAn updated squirrelmail package that fixes multiple security issues is now available for Red Hat Enterprise Linux 3, 4, and 5. This update has been rated as having important security impact by the Red Hat Security Response Team. SquirrelMail is a standards-based webmail package written in PHP. A server-side code injection flaw was found in the SquirrelMail
    last seen2020-06-01
    modified2020-06-02
    plugin id38930
    published2009-05-28
    reporterThis script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/38930
    titleCentOS 3 / 5 : squirrelmail (CESA-2009:1066)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SQUIRRELMAIL-6457.NASL
    descriptionThe previous fix for a vulnerability that allowed an attacker to run arbitrary commands on the server was incomplete (CVE-2009-1381).
    last seen2020-06-01
    modified2020-06-02
    plugin id42034
    published2009-10-06
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/42034
    titleopenSUSE 10 Security Update : squirrelmail (squirrelmail-6457)

Statements

contributorTomas Hoger
lastmodified2009-05-26
organizationRed Hat
statementNot vulnerable. This issue did not affect the versions of squirrelmail as shipped with Red Hat Enterprise Linux 3, 4, or 5. Updates for squirrelmail released via RHSA-2009:1066 (https://rhn.redhat.com/errata/RHSA-2009-1066.html) fixed original flaw CVE-2009-1579 without introducing CVE-2009-1381.

References