GLSA-201709-13 : SquirrelMail: Remote Code Execution
High
Nessus Plugin ID 103281
Synopsis
The remote Gentoo host is missing one or more security-related patches.
Description
The remote host is affected by the vulnerability described in GLSA-201709-13 (SquirrelMail: Remote Code Execution).
It was discovered that the sendmail.cf file is mishandled in a popen call.
A remote attacker, by enticing a user to open an e-mail attachment, could execute arbitrary shell commands.
There is no known workaround at this time.
Solution
Gentoo has discontinued support for SquirrelMail and recommends that users unmerge the package:
# emerge --unmerge 'mail-client/squirrelmail'