Candidate: CVE-2009-1381
PublicDate: 2009-05-22 20:30:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1381
Description:
 The map_yp_alias function in functions/imap_general.php in SquirrelMail
 before 1.4.19-1 on Debian GNU/Linux, and possibly other operating systems
 and versions, allows remote attackers to execute arbitrary commands via
 shell metacharacters in a username string that is used by the ypmatch
 program.  NOTE: this issue exists because of an incomplete fix for
 CVE-2009-1579.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS: 

Patches_squirrelmail:
upstream_squirrelmail: released (1.4.19)
dapper_squirrelmail: ignored (reached end-of-life)
hardy_squirrelmail: released (2:1.4.13-2ubuntu1.4)
intrepid_squirrelmail: released (2:1.4.15-3ubuntu0.3)
jaunty_squirrelmail: released (2:1.4.15-4ubuntu0.2)
karmic_squirrelmail: not-affected
devel_squirrelmail: not-affected