Detections
Analytics

SquirrelMail map_yp_alias Username Mapping Alias Arbitrary Code Execution

high Nessus Plugin ID 38794

Language:

Synopsis

The remote webmail application allows execution of arbitrary code.

Description

The installed version of SquirrelMail fails to properly sanitize input to the '$username' variable in the 'map_yp_alias' function in 'functions/imap_general.php'. An unauthenticated, remote attacker can exploit this to execute arbitrary code subject to the privileges of the affected web-server.

Note that there are also reported to be several cross-site scripting vulnerabilities as well as a session fixation vulnerability, though Nessus has not tested for these.

Solution

Upgrade to SquirrelMail 1.4.19 or later.

See Also

http://www.squirrelmail.org/security/issue/2009-05-10

Plugin Details

Severity: High

ID: 38794

File Name: squirrelmail_map_yp_alias_code_exec.nasl

Version: 1.16

Type: remote

Family: CGI abuses

Published: 5/15/2009

Updated: 4/11/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5.6

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS v3

Risk Factor: High

Base Score: 8.8

Temporal Score: 8.2

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:squirrelmail:squirrelmail

Required KB Items: www/squirrelmail

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Ease: No exploit is required

Exploited by Nessus: true

Exploitable With

Core Impact

Reference Information

CVE: CVE-2009-1579

BID: 34916

CWE: 94