CVE-2009-1381
PUBLISHED
CVSS 6.8 MEDIUM
The map_yp_alias function in functions/imap_general.php in SquirrelMail before 1.4.19-1 on Debian GNU/Linux, and possibly other operating systems and versions, allows remote attackers to execute arbitrary commands via shell metacharacters in a username string that is used by the ypmatch program. NOTE: this issue exists because of an incomplete fix for CVE-2009-1579.
EPSS 0.59% · 69.7th percentile
Risk Scores
CVSS 2.0
6.8
EPSS Score
0.59%
69.7th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| squirrelmail | squirrelmail | 1.2.5, 1.2.6, 1.2.6-rc1 |
| squirrelmail | imap_general.php | 1.2.2 |
Exploit Intelligence
- 35140 (circl)
- FEDORA-2009-5350 (circl)
- 20090521 [SECURITY] [DSA 1802-2] New squirrelmail packages correct incomplete fix (circl)
- MDVSA-2009:122 (circl)
- FEDORA-2009-5471 (circl)
- DSA-1802 (circl)
- http://release.debian.org/proposed-updates/stable_diffs/squirrelmail_1.4.15-4+lenny2.debdiff (nist-nvd)
Timeline
- May 22, 2009 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 20, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 9, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 3, 2023 EPSS Score
- Jul 17, 2023 EPSS Score
- Sep 8, 2023 EPSS Score
References
- 35140 third-party-advisory
- FEDORA-2009-5350 vendor-advisory
- 20090521 [SECURITY] [DSA 1802-2] New squirrelmail packages correct incomplete fix mailing-list
- MDVSA-2009:122 vendor-advisory
- http://release.debian.org/proposed-updates/stable_diffs/squirrelmail_1.4.15-4+lenny2.debdiff url
- FEDORA-2009-5471 vendor-advisory
- DSA-1802 vendor-advisory
- https://nvd.nist.gov/vuln/detail/CVE-2009-1381 advisory
- https://access.redhat.com/security/cve/CVE-2009-1381 url
- https://bugzilla.redhat.com/show_bug.cgi?id=502137 url