Launchpad.net

CVE 2009-1579

The map_yp_alias function in functions/imap_general.php in SquirrelMail before 1.4.18 and NaSMail before 1.7 allows remote attackers to execute arbitrary commands via shell metacharacters in a username string that is used by the ypmatch program.

Related bugs and status

CVE-2009-1579 (Candidate) is related to these bugs:

Bug #375513: Multiple CVEs for Squirrelmail <1.4.17

		In	Importance	Status
375513	Multiple CVEs for Squirrelmail <1.4.17	squirrelmail (Ubuntu)	High	Fix Released
375513	Multiple CVEs for Squirrelmail <1.4.17	squirrelmail (Ubuntu Dapper)	High	Won't Fix
375513	Multiple CVEs for Squirrelmail <1.4.17	squirrelmail (Ubuntu Hardy)	High	Fix Released
375513	Multiple CVEs for Squirrelmail <1.4.17	squirrelmail (Ubuntu Intrepid)	High	Fix Released
375513	Multiple CVEs for Squirrelmail <1.4.17	squirrelmail (Ubuntu Jaunty)	High	Fix Released
375513	Multiple CVEs for Squirrelmail <1.4.17	squirrelmail (Ubuntu Karmic)	High	Fix Released

Bug #396306: [CVE-2009-1381] Incomplete fix for CVE-2009-1579

		In	Importance	Status
396306	[CVE-2009-1381] Incomplete fix for CVE-2009-1579	squirrelmail (Ubuntu)	Undecided	Fix Released
396306	[CVE-2009-1381] Incomplete fix for CVE-2009-1579	squirrelmail (Ubuntu Hardy)	High	Fix Released
396306	[CVE-2009-1381] Incomplete fix for CVE-2009-1579	squirrelmail (Ubuntu Intrepid)	High	Fix Released
396306	[CVE-2009-1381] Incomplete fix for CVE-2009-1579	squirrelmail (Ubuntu Jaunty)	High	Fix Released
396306	[CVE-2009-1381] Incomplete fix for CVE-2009-1579	squirrelmail (Ubuntu Karmic)	Undecided	Fix Released
396306	[CVE-2009-1381] Incomplete fix for CVE-2009-1579	squirrelmail (Ubuntu Dapper)	High	Won't Fix

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2009-1579

Related bugs and status

Related bugs

References