SquirrelMail map_yp_alias Username Mapping Alias Arbitrary Code Execution

Medium Nessus Plugin ID 38794

Synopsis

The remote webmail application allows execution of arbitrary code.

Description

The installed version of SquirrelMail fails to properly sanitize input to the '$username' variable in the 'map_yp_alias' function in 'functions/imap_general.php'. An unauthenticated, remote attacker can exploit this to execute arbitrary code subject to the privileges of the affected web server.

Note that several cross-site scripting vulnerabilities and a session fixation vulnerability have also been reported, though Nessus has not tested for these.

Solution

Upgrade to SquirrelMail 1.4.19 or later.

See Also

http://www.squirrelmail.org/security/issue/2009-05-10

Plugin Details

Severity: Medium

ID: 38794

File Name: squirrelmail_map_yp_alias_code_exec.nasl

Version: 1.14

Type: remote

Family: CGI abuses

Published: 2009/05/15

Updated: 2018/08/03

Dependencies: 12647

Risk Information

Risk Factor: Medium

CVSS v2.0

Base Score: 6.8

Temporal Score: 5.6

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:F/RL:OF/RC:C

CVSS v3.0

Base Score: 8.8

Temporal Score: 8.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:squirrelmail:squirrelmail

Required KB Items: www/squirrelmail

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Available: false

Exploit Ease: No exploit is required

Exploited by Nessus: true

Exploitable With

Core Impact

Reference Information

CVE: CVE-2009-1579

BID: 34916

CWE: 94