squirrelmail: arbitrary code execution

Package(s): squirrelmail
CVE #(s): CVE-2005-1924 CVE-2006-4169
Created: August 13, 2007
Updated: August 15, 2007
Description: There is a vulnerability in the squirrelmail G/PGP plugin:

An authenticated user could use the plugin to execute arbitrary code on the server, or a remote attacker could send a specially crafted e-mail to a SquirrelMail user, possibly leading to the execution of arbitrary code with the privileges of the user running the underlying web server. Note that the G/PGP plugin is disabled by default.

Alerts:
Gentoo 200708-08 2007-08-11

squirrelmail: arbitrary code execution

Posted Sep 27, 2007 18:30 UTC (Thu) by kreutzm (guest, #4700)

Debian Sarge and Etch are not vulnerable.

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.