Launchpad.net

CVE 2009-1381

The map_yp_alias function in functions/imap_general.php in SquirrelMail before 1.4.19-1 on Debian GNU/Linux, and possibly other operating systems and versions, allows remote attackers to execute arbitrary commands via shell metacharacters in a username string that is used by the ypmatch program. NOTE: this issue exists because of an incomplete fix for CVE-2009-1579.

Related bugs and status

CVE-2009-1381 (Candidate) is related to these bugs:

Bug #396306: [CVE-2009-1381] Incomplete fix for CVE-2009-1579

		In	Importance	Status
396306	[CVE-2009-1381] Incomplete fix for CVE-2009-1579	squirrelmail (Ubuntu)	Undecided	Fix Released
396306	[CVE-2009-1381] Incomplete fix for CVE-2009-1579	squirrelmail (Ubuntu Hardy)	High	Fix Released
396306	[CVE-2009-1381] Incomplete fix for CVE-2009-1579	squirrelmail (Ubuntu Intrepid)	High	Fix Released
396306	[CVE-2009-1381] Incomplete fix for CVE-2009-1579	squirrelmail (Ubuntu Jaunty)	High	Fix Released
396306	[CVE-2009-1381] Incomplete fix for CVE-2009-1579	squirrelmail (Ubuntu Karmic)	Undecided	Fix Released
396306	[CVE-2009-1381] Incomplete fix for CVE-2009-1579	squirrelmail (Ubuntu Dapper)	High	Won't Fix

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2009-1381

Related bugs and status

Related bugs

References