SquirrelMail map_yp_alias Username Mapping Alias Arbitrary Code Execution
Medium Nessus Plugin ID 38794
SynopsisThe remote webmail application allows execution of arbitrary code.
DescriptionThe installed version of SquirrelMail fails to properly sanitize input to the '$username' variable in the 'map_yp_alias' function in 'functions/imap_general.php'. An unauthenticated, remote attacker can exploit this to execute arbitrary code subject to the privileges of the affected web-server.
Note that there are also reported to be several cross-site scripting vulnerabilities as well as a session fixation vulnerability, though Nessus has not tested for these.
SolutionUpgrade to SquirrelMail 1.4.19 or later.