Security
Server-side code injection in map_yp_alias username map
- Date: 2009-05-10
- Description: An issue was fixed that allowed arbitrary server-side code execution when SquirrelMail was configured to use the example "map_yp_alias" username mapping functionality. This functionality is not enabled by default. The fix in 1.4.18 was incomplete; upgrade to 1.4.19 or use the patch referenced below for full protection.
- Affected Versions: <= 1.4.18
- Register Globals: Register_globals does not have to be on for this issue.
- CVE ID(s): CVE-2009-1579, CVE-2009-1381
- Patch: view patch
- Credits: Niels Teusink
- This page last updated: 2009-05-21 19:45:36