SquirrelMail G/PGP Encryption Plugin <= 2.1 Remote Command Execution
Severity: High
Nessus Network Monitor Plugin ID: 4133
Synopsis: The remote host is vulnerable to an arbitrary 'command insertion' flaw.
Description: The remote host is running the SquirrelMail web-based email software with GPG Encryption enabled. This version of the GPG Plugin is vulnerable to a flaw in the way that it parses user-supplied data. An attacker exploiting this flaw would be able to execute shell commands on the remote server with the permissions of the SquirrelMail server process.
Solution: Upgrade to a version of GPG Plugin higher than 2.1.