CVE-2009-1381 — Vulnetix

Try Vulnetix Request Demo

CVE-2009-1381 PUBLISHED CVSS 6.800000190734863 MEDIUM

The map_yp_alias function in functions/imap_general.php in SquirrelMail before 1.4.19-1 on Debian GNU/Linux, and possibly other operating systems and versions, allows remote attackers to execute arbitrary commands via shell metacharacters in a username string that is used by the ypmatch program. NOTE: this issue exists because of an incomplete fix for CVE-2009-1579.

EPSS 0.59% · 69.1th percentile

Risk Scores

CVSS v2.0

6.800000190734863

EPSS Score

0.59%

69.1th percentile

Affected Products

Vendor	Product	Versions
n/a	n/a	n/a
squirrelmail	squirrelmail	1.2.5, 1.2.6, 1.2.6-rc1
squirrelmail	imap_general.php	1.2.2

Timeline

May 22, 2009 CVE Published
Feb 4, 2022 EPSS Score
Mar 28, 2022 EPSS Score
May 19, 2022 EPSS Score
Sep 1, 2022 EPSS Score
Oct 23, 2022 EPSS Score
Dec 14, 2022 EPSS Score
Feb 4, 2023 EPSS Score
Mar 7, 2023 EPSS Score
Mar 28, 2023 EPSS Score
Jul 10, 2023 EPSS Score
Aug 31, 2023 EPSS Score

References

35140 third-party-advisory
FEDORA-2009-5350 vendor-advisory
20090521 [SECURITY] [DSA 1802-2] New squirrelmail packages correct incomplete fix mailing-list
MDVSA-2009:122 vendor-advisory
http://release.debian.org/proposed-updates/stable_diffs/squirrelmail_1.4.15-4+lenny2.debdiff url
FEDORA-2009-5471 vendor-advisory
DSA-1802 vendor-advisory
https://nvd.nist.gov/vuln/detail/CVE-2009-1381 advisory
https://access.redhat.com/security/cve/CVE-2009-1381 url
https://bugzilla.redhat.com/show_bug.cgi?id=502137 url

Open in Interactive Console →