CVE-2009-1579

Published: May 14, 2009Modified: Apr 23, 2026

6.8

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability: 8.6 / Impact: 6.4

Source: NVD

Description

The map_yp_alias function in functions/imap_general.php in SquirrelMail before 1.4.18 and NaSMail before 1.7 allows remote attackers to execute arbitrary commands via shell metacharacters in a username string that is used by the ypmatch program.

Affected (60)

Products: Squirrelmail: Squirrelmail

1 product

Configuration A

60 vulnerable

Vulnerable Software	Affected Versions
Squirrelmail Squirrelmail	All versions
Squirrelmail Squirrelmail	Up to 1.4.17
Squirrelmail Squirrelmail	Version 0.1.1
Squirrelmail Squirrelmail	Version 0.1.2
Squirrelmail Squirrelmail	Version 0.1
Squirrelmail Squirrelmail	Version 0.2.1
Squirrelmail Squirrelmail	Version 0.2
Squirrelmail Squirrelmail	Version 0.3.1
Squirrelmail Squirrelmail	Version 0.3
Squirrelmail Squirrelmail	Version 0.3pre1
Squirrelmail Squirrelmail	Version 0.3pre2
Squirrelmail Squirrelmail	Version 0.4
Squirrelmail Squirrelmail	Version 0.4pre1
Squirrelmail Squirrelmail	Version 0.4pre2
Squirrelmail Squirrelmail	Version 0.5
Squirrelmail Squirrelmail	Version 0.5pre1
Squirrelmail Squirrelmail	Version 0.5pre2
Squirrelmail Squirrelmail	Version 1.0.1
Squirrelmail Squirrelmail	Version 1.0.2
Squirrelmail Squirrelmail	Version 1.0.3
Squirrelmail Squirrelmail	Version 1.0.4
Squirrelmail Squirrelmail	Version 1.0.5
Squirrelmail Squirrelmail	Version 1.0.6
Squirrelmail Squirrelmail	Version 1.0
Squirrelmail Squirrelmail	Version 1.0pre1
Squirrelmail Squirrelmail	Version 1.0pre2
Squirrelmail Squirrelmail	Version 1.0pre3
Squirrelmail Squirrelmail	Version 1.1.0
Squirrelmail Squirrelmail	Version 1.1.1
Squirrelmail Squirrelmail	Version 1.1.2
Squirrelmail Squirrelmail	Version 1.1.3
Squirrelmail Squirrelmail	Version 1.2.0
Squirrelmail Squirrelmail	Version 1.2.0_rc3
Squirrelmail Squirrelmail	Version 1.2.10
Squirrelmail Squirrelmail	Version 1.2.11
Squirrelmail Squirrelmail	Version 1.2.1
Squirrelmail Squirrelmail	Version 1.2.2
Squirrelmail Squirrelmail	Version 1.2.3
Squirrelmail Squirrelmail	Version 1.2.4
Squirrelmail Squirrelmail	Version 1.2.5
Squirrelmail Squirrelmail	Version 1.2.6
Squirrelmail Squirrelmail	Version 1.2.7
Squirrelmail Squirrelmail	Version 1.2.8
Squirrelmail Squirrelmail	Version 1.2.9
Squirrelmail Squirrelmail	Version 1.2
Squirrelmail Squirrelmail	Version 1.3.0
Squirrelmail Squirrelmail	Version 1.3.1
Squirrelmail Squirrelmail	Version 1.3.2
Squirrelmail Squirrelmail	Version 1.4.0
Squirrelmail Squirrelmail	Version 1.4.0_rc1
Squirrelmail Squirrelmail	Version 1.4.0_rc2a
Squirrelmail Squirrelmail	Version 1.4.10
Squirrelmail Squirrelmail	Version 1.4.10a
Squirrelmail Squirrelmail	Version 1.4.11
Squirrelmail Squirrelmail	Version 1.4.12
Squirrelmail Squirrelmail	Version 1.4.15
Squirrelmail Squirrelmail	Version 1.4.15_rc1
Squirrelmail Squirrelmail	Version 1.4.16
Squirrelmail Squirrelmail	Version 1.4.1
Squirrelmail Squirrelmail	Version 1.4

Related CWEs

Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

References (54)

http://download.gna.org/nasmail/nasmail-1.7.zip

Source: cve@mitre.org

http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html

Source: cve@mitre.org

http://secunia.com/advisories/35052

Source: cve@mitre.org

Vendor Advisory

http://secunia.com/advisories/35073

Source: cve@mitre.org

Vendor Advisory

http://secunia.com/advisories/35140

Source: cve@mitre.org

http://secunia.com/advisories/35259

Source: cve@mitre.org

http://secunia.com/advisories/37415

Source: cve@mitre.org

http://secunia.com/advisories/40220

Source: cve@mitre.org

http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/doc/ChangeLog

Source: cve@mitre.org

Patch

http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/functions/imap_general.php?r1=13674&r2=13673&pathrev=13674

Source: cve@mitre.org

Patch

http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail?view=rev&revision=13674

Source: cve@mitre.org

Patch

http://support.apple.com/kb/HT4188

Source: cve@mitre.org

http://www.debian.org/security/2009/dsa-1802

Source: cve@mitre.org

http://www.mandriva.com/security/advisories?name=MDVSA-2009:110

Source: cve@mitre.org

Patch

http://www.redhat.com/support/errata/RHSA-2009-1066.html

Source: cve@mitre.org

http://www.securityfocus.com/bid/34916

Source: cve@mitre.org

Patch

http://www.squirrelmail.org/security/issue/2009-05-10

Source: cve@mitre.org

PatchVendor Advisory

http://www.vupen.com/english/advisories/2009/1296

Source: cve@mitre.org

PatchVendor Advisory

http://www.vupen.com/english/advisories/2009/3315

Source: cve@mitre.org

http://www.vupen.com/english/advisories/2010/1481

Source: cve@mitre.org

https://bugzilla.redhat.com/show_bug.cgi?id=500360

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/50461

Source: cve@mitre.org

https://gna.org/forum/forum.php?forum_id=2146

Source: cve@mitre.org

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10986

Source: cve@mitre.org

https://www.redhat.com/archives/fedora-package-announce/2009-May/msg00566.html

Source: cve@mitre.org

Patch

https://www.redhat.com/archives/fedora-package-announce/2009-May/msg00572.html

Source: cve@mitre.org

https://www.redhat.com/archives/fedora-package-announce/2009-May/msg00577.html

Source: cve@mitre.org

Patch

http://download.gna.org/nasmail/nasmail-1.7.zip

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/35052

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://secunia.com/advisories/35073

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://secunia.com/advisories/35140

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/35259

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/37415

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/40220

Source: af854a3a-2127-422b-91ae-364da2661108

http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/doc/ChangeLog

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/functions/imap_general.php?r1=13674&r2=13673&pathrev=13674

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail?view=rev&revision=13674

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

http://support.apple.com/kb/HT4188

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.debian.org/security/2009/dsa-1802

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.mandriva.com/security/advisories?name=MDVSA-2009:110

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

http://www.redhat.com/support/errata/RHSA-2009-1066.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/34916

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

http://www.squirrelmail.org/security/issue/2009-05-10

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

http://www.vupen.com/english/advisories/2009/1296

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

http://www.vupen.com/english/advisories/2009/3315

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.vupen.com/english/advisories/2010/1481

Source: af854a3a-2127-422b-91ae-364da2661108

https://bugzilla.redhat.com/show_bug.cgi?id=500360

Source: af854a3a-2127-422b-91ae-364da2661108

https://exchange.xforce.ibmcloud.com/vulnerabilities/50461

Source: af854a3a-2127-422b-91ae-364da2661108

https://gna.org/forum/forum.php?forum_id=2146

Source: af854a3a-2127-422b-91ae-364da2661108

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10986

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.redhat.com/archives/fedora-package-announce/2009-May/msg00566.html

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

https://www.redhat.com/archives/fedora-package-announce/2009-May/msg00572.html

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.redhat.com/archives/fedora-package-announce/2009-May/msg00577.html

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

Timeline

No history available yet.