CVE-2009-1579 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	6.8 UNKNOWN	NETWORK	MEDIUM		AV:N/AC:M/Au:N/C:P/I:P/A:P

Base Score

CVSS 3.x

EPSS Score

Percentile: 87%

Affected Products (NVD)

Vendor	Product	Version
squirrelmail	squirrelmail	𝑥 ≤ 1.4.17
squirrelmail	squirrelmail	0.1
squirrelmail	squirrelmail	0.1.1
squirrelmail	squirrelmail	0.1.2
squirrelmail	squirrelmail	0.2
squirrelmail	squirrelmail	0.2.1
squirrelmail	squirrelmail	0.3
squirrelmail	squirrelmail	0.3.1
squirrelmail	squirrelmail	0.3pre1:pre1
squirrelmail	squirrelmail	0.3pre2:pre2
squirrelmail	squirrelmail	0.4
squirrelmail	squirrelmail	0.4pre1:pre1
squirrelmail	squirrelmail	0.4pre2:pre2
squirrelmail	squirrelmail	0.5
squirrelmail	squirrelmail	0.5pre1:pre1
squirrelmail	squirrelmail	0.5pre2:pre2
squirrelmail	squirrelmail	1.0
squirrelmail	squirrelmail	1.0.1
squirrelmail	squirrelmail	1.0.2
squirrelmail	squirrelmail	1.0.3
squirrelmail	squirrelmail	1.0.4
squirrelmail	squirrelmail	1.0.5
squirrelmail	squirrelmail	1.0.6
squirrelmail	squirrelmail	1.0pre1:pre1
squirrelmail	squirrelmail	1.0pre2:pre2
squirrelmail	squirrelmail	1.0pre3:pre3
squirrelmail	squirrelmail	1.1.0
squirrelmail	squirrelmail	1.1.1
squirrelmail	squirrelmail	1.1.2
squirrelmail	squirrelmail	1.1.3
squirrelmail	squirrelmail	1.2
squirrelmail	squirrelmail	1.2.0
squirrelmail	squirrelmail	1.2.0_rc3:_rc3
squirrelmail	squirrelmail	1.2.1
squirrelmail	squirrelmail	1.2.2
squirrelmail	squirrelmail	1.2.3
squirrelmail	squirrelmail	1.2.4
squirrelmail	squirrelmail	1.2.5
squirrelmail	squirrelmail	1.2.6
squirrelmail	squirrelmail	1.2.7
squirrelmail	squirrelmail	1.2.8
squirrelmail	squirrelmail	1.2.9
squirrelmail	squirrelmail	1.2.10
squirrelmail	squirrelmail	1.2.11
squirrelmail	squirrelmail	1.3.0
squirrelmail	squirrelmail	1.3.1
squirrelmail	squirrelmail	1.3.2
squirrelmail	squirrelmail	1.4
squirrelmail	squirrelmail	1.4.0
squirrelmail	squirrelmail	1.4.0_rc1:_rc1
squirrelmail	squirrelmail	1.4.0_rc2a:_rc2a
squirrelmail	squirrelmail	1.4.1
squirrelmail	squirrelmail	1.4.10
squirrelmail	squirrelmail	1.4.10a:a
squirrelmail	squirrelmail	1.4.11
squirrelmail	squirrelmail	1.4.12
squirrelmail	squirrelmail	1.4.15
squirrelmail	squirrelmail	1.4.15_rc1:_rc1
squirrelmail	squirrelmail	1.4.16

𝑥

= Vulnerable software versions

Ubuntu Releases

Ubuntu Product

Codename

squirrelmail

dapper	ignored
hardy	Fixed 2:1.4.13-2ubuntu1.3 released
intrepid	Fixed 2:1.4.15-3ubuntu0.2 released
jaunty	Fixed 2:1.4.15-4ubuntu0.1 released
karmic	not-affected

Common Weakness Enumeration

CWE-94 - Improper Control of Generation of Code ('Code Injection')
The software constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

References

http://download.gna.org/nasmail/nasmail-1.7.zip

http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html

http://secunia.com/advisories/35052

http://secunia.com/advisories/35073

http://secunia.com/advisories/35140

http://secunia.com/advisories/35259

http://secunia.com/advisories/37415

http://secunia.com/advisories/40220

http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/doc/ChangeLog

http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/functions/imap_general.php?r1=13674&r2=13673&pathrev=13674

http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail?view=rev&revision=13674

http://support.apple.com/kb/HT4188

http://www.debian.org/security/2009/dsa-1802

http://www.mandriva.com/security/advisories?name=MDVSA-2009:110

http://www.redhat.com/support/errata/RHSA-2009-1066.html

http://www.securityfocus.com/bid/34916

http://www.squirrelmail.org/security/issue/2009-05-10

http://www.vupen.com/english/advisories/2009/1296

http://www.vupen.com/english/advisories/2009/3315

http://www.vupen.com/english/advisories/2010/1481

https://bugzilla.redhat.com/show_bug.cgi?id=500360

https://exchange.xforce.ibmcloud.com/vulnerabilities/50461

https://gna.org/forum/forum.php?forum_id=2146

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10986

https://www.redhat.com/archives/fedora-package-announce/2009-May/msg00566.html

https://www.redhat.com/archives/fedora-package-announce/2009-May/msg00572.html

https://www.redhat.com/archives/fedora-package-announce/2009-May/msg00577.html

http://download.gna.org/nasmail/nasmail-1.7.zip

http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html

http://secunia.com/advisories/35052

http://secunia.com/advisories/35073

http://secunia.com/advisories/35140

http://secunia.com/advisories/35259

http://secunia.com/advisories/37415

http://secunia.com/advisories/40220

http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/doc/ChangeLog

http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/functions/imap_general.php?r1=13674&r2=13673&pathrev=13674

http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail?view=rev&revision=13674

http://support.apple.com/kb/HT4188

http://www.debian.org/security/2009/dsa-1802

http://www.mandriva.com/security/advisories?name=MDVSA-2009:110

http://www.redhat.com/support/errata/RHSA-2009-1066.html

http://www.securityfocus.com/bid/34916

http://www.squirrelmail.org/security/issue/2009-05-10

http://www.vupen.com/english/advisories/2009/1296

http://www.vupen.com/english/advisories/2009/3315

http://www.vupen.com/english/advisories/2010/1481

https://bugzilla.redhat.com/show_bug.cgi?id=500360

https://exchange.xforce.ibmcloud.com/vulnerabilities/50461

https://gna.org/forum/forum.php?forum_id=2146

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10986

https://www.redhat.com/archives/fedora-package-announce/2009-May/msg00566.html

https://www.redhat.com/archives/fedora-package-announce/2009-May/msg00572.html

https://www.redhat.com/archives/fedora-package-announce/2009-May/msg00577.html