CVE-2009-1381

Published: May 22, 2009Modified: Apr 23, 2026

6.8

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability: 8.6 / Impact: 6.4

Source: NVD

Description

The map_yp_alias function in functions/imap_general.php in SquirrelMail before 1.4.19-1 on Debian GNU/Linux, and possibly other operating systems and versions, allows remote attackers to execute arbitrary commands via shell metacharacters in a username string that is used by the ypmatch program. NOTE: this issue exists because of an incomplete fix for CVE-2009-1579.

Affected (12)

Products: Squirrelmail: Imap General.php, Squirrelmail

Squirrelmail

2 products

Imap General.php

Squirrelmail

Configuration A

12 vulnerable · 9 platform

Vulnerable Software	Affected Versions
Squirrelmail Imap General.php	Version 1.2.2
Squirrelmail Squirrelmail	Version 1.2.10
Squirrelmail Squirrelmail	Version 1.2.11
Squirrelmail Squirrelmail	Version 1.2.5
Squirrelmail Squirrelmail	Version 1.2.6-rc1
Squirrelmail Squirrelmail	Version 1.2.6
Squirrelmail Squirrelmail	Version 1.2.7
Squirrelmail Squirrelmail	Version 1.2.8
Squirrelmail Squirrelmail	Version 1.2.9
Squirrelmail Squirrelmail	Version 1.4.0-r1
Squirrelmail Squirrelmail	Version 1.4.0
Squirrelmail Squirrelmail	Version 1.4.1

Running on/with	Platform Versions
Squirrelmail Squirrelmail	Version 1.4.2-r1
Squirrelmail Squirrelmail	Version 1.4.2-r2
Squirrelmail Squirrelmail	Version 1.4.2-r3
Squirrelmail Squirrelmail	Version 1.4.2-r4
Squirrelmail Squirrelmail	Version 1.4.2-r5
Squirrelmail Squirrelmail	Version 1.4.2
Squirrelmail Squirrelmail	Version 1.4.3_rc1
Squirrelmail Squirrelmail	Version 1.4.3_rc1 r1
Squirrelmail Squirrelmail1.4.19 1	All versions