FreeBSD : SquirrelMail -- post-authentication remote code execution (e1de77e8-c45e-48d7-8866-5a6f943046de)
High Nessus Plugin ID 102691
SynopsisThe remote FreeBSD host is missing a security-related update.
DescriptionSquirrelMail developers report :
SquirrelMail 1.4.22 (and other versions before 20170427_0200-SVN) allows post-authentication remote code execution via a sendmail.cf file that is mishandled in a popen call. It's possible to exploit this vulnerability to execute arbitrary shell commands on the remote server.
SolutionUpdate the affected package.