
SquirrelMail G/PGP Encryption Plugin <= 2.1 Remote Command Execution

High

Synopsis

The remote host is vulnerable to an arbitrary 'command insertion' flaw.

Description

The remote host is running the SquirrelMail web-based email software with GPG Encryption enabled. This version of the GPG Plugin is vulnerable to a flaw in the way that it parses user-supplied data. An attacker exploiting this flaw would be able to execute shell commands on the remote server with the permissions of the SquirrelMail server process.

Solution

Upgrade to a version of the GPG Plugin higher than 2.1.