Skip to navigation

Search

Advanced Search

Register or Log in
Help

Log out
Help
Your account
- Account number
- Account settings

Home
Knowledge
Technical Resources

Knowledgebase

Product Documentation

Tech Briefs

Reference Architectures

Support Essentials

Videos

Source
Additional Resources

Certified Hardware

Webinars

Success Stories

Training
Groups
Online User Groups

Groups Dashboard

Red Hat Enterprise Linux

Red Hat Enterprise Linux 7 Ideas

JBoss Enterprise Middleware

Red Hat Enterprise Virtualization

Getting Started with Red Hat

Site Suggestions
Other

Groups FAQ

Rules of Engagement
Support
Support Cases

Create a New Case

View Support Cases

Phone Numbers & Hours

Severity Definitions

Support Programs

Production Support

Development Support

Technical Account Management

Hardware Certification
Product Life Cycles

Life Cycle & Update Policies

Supported Environments

Certified Hardware

Support Essentials

JBoss Supported Configurations
Help & Assistance

Getting Started

Contacting Red Hat

Management Escalation

Support FAQs

Site Help

Portal FAQs

Login Assistance
Downloads
Red Hat Enterprise Linux

Channels

Downloads

Packages

Evaluations & Demos
JBoss Enterprise Middleware

Downloads

Evaluations & Demos
Red Hat Storage

Downloads

Additional Downloads

Fonts
Security
Security Updates

Active Products

End-of-Life Products

Notifications & Advisories

Resources

CVE Database

Security Measurement

Product Signing (GPG) Keys
Policies & Definitions

Severity Ratings

Backporting Policy
Security Team

Security Response Team

Security Contacts
Subscriptions
Subscriptions

Overview

Active Subscriptions

Renewals

Order History

Activate a New Subscription
Certificate-based Management

Consumers List

Classic Management

Entitlements

Systems

Groups
Organization

Users & Permissions

CVE index by year
- 2012 CVE
- 2011 CVE
- 2010 CVE
- 2009 CVE
- - CVE-2009-1579
- 2008 CVE
- 2007 CVE
- 2006 CVE
- 2005 CVE
- 2004 CVE
- 2003 CVE
- 2002 CVE
- 2001 CVE
- 2000 CVE
- 1999 CVE

CVE Database

CVE-2009-1579

Impact:	Important (classification)
Public:	May 10 2009
Bugzilla:	500360: CVE-2009-1579 SquirrelMail: Server-side code injection in map_yp_alias username map

Details

The MITRE CVE dictionary describes this issue as:

The map_yp_alias function in functions/imap_general.php in SquirrelMail before 1.4.18 and NaSMail before 1.7 allows remote attackers to execute arbitrary commands via shell metacharacters in a username string that is used by the ypmatch program.

Find out more about CVE-2009-1579 from the MITRE CVE dictionary and NIST NVD.

CVSS v2 metrics

Base Score:	7.5	Base Metrics:	AV:N/AC:L/Au:N/C:P/I:P/A:P
Access Vector:	Network	Confidentiality Impact:	Partial
Access Complexity:	Low	Integrity Impact:	Partial
Authentication:	None	Availability Impact:	Partial

Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).

Red Hat security errata

Platform	Errata	Release Date
Red Hat Enterprise Linux version 3 (squirrelmail)	RHSA-2009:1066	May 26 2009
Red Hat Enterprise Linux version 4 (squirrelmail)	RHSA-2009:1066	May 26 2009
Red Hat Enterprise Linux version 5 (squirrelmail)	RHSA-2009:1066	May 26 2009

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Red Hat Security Response Team.

Copyright © 2011 Red Hat, Inc.