
Bug 355

Summary: Important new version SquirrelMail containing some fixes for security related issues
Product: Gentoo Linux
Reporter: Ferry Meyndert <m0rpheus>
Component: Current packages
Assignee: Mikael Hallendal (hallski) (RETIRED) <hallski>
Status: RESOLVED DUPLICATE
Severity: normal
Priority: High
Version: 1.0 RC6 r14
Hardware: x86
OS: Linux
Whiteboard:
Package list:
Runtime testing required: ---

Description Ferry Meyndert 2002-01-27 04:25:26 UTC
SquirrelMail Web-based Mail Server Lets Remote Users Execute Arbitrary Code on the Server

Date:  Jan 25 2002
Impact:  Execution of arbitrary code via network, User access via network
Fix Available:  Yes   Exploit Included:  Yes   Vendor Confirmed:  Yes  
Version(s): 1.2.2
Description:  A vulnerability was reported in SquirrelMail webmail server. A
remote user can execute arbitrary commands on the server.

It is reported that the spell checker plugin (check_me.mod.php) allows a remote
user to specify commands to be executed on the server. The following type of URL
will reportedly trigger the vulnerability:

host/plugins/squirrelspell/modules/check_me.mod.php?SQSPELL_APP[blah]=wall%20hello&sqspell_use_app=blah&attachment_dir=/tmp&username_sqspell_data=plik

Impact:  A remote user can execute commands on the server with the privileges of
the web server.
Solution:  The vendor has released a fixed version (1.2.4), available at:

http://www.squirrelmail.org/download.php

ebuild doesn't need to be changed much. Sorry, have to get to work now so I can't
make a fixed ebuild. But if the bug isn't solved yet when I come back I'll make one.

Ferry Meyndert <m0rpheus@poseidon.mine.nu>
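As an added illustration, not part of the bug report and not SquirrelMail or Gentoo code: a small Python log-triage routine a defender could run over web server access logs to find requests to the squirrelspell check_me.mod.php module that carry the parameters shown in the advisory's sample URL. The log lines, client addresses and the split into "strong" and "supporting" parameters are constructed assumptions for this example, not something the advisory states.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Module named in the advisory's sample URL.
TARGET_PATH = "/plugins/squirrelspell/modules/check_me.mod.php"

# Parameter names taken from the advisory URL. Treating SQSPELL_APP (which
# carried the command in the sample URL) and attachment_dir as strong
# indicators, and the other two as supporting ones, is an assumption here.
STRONG = {"SQSPELL_APP", "attachment_dir"}
SUPPORTING = {"sqspell_use_app", "username_sqspell_data"}

# Apache Common Log Format: host ident user [time] "METHOD target PROTO" status size
CLF_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)(?: [^"]*)?" (?P<status>\d{3}) \S+'
)


def parse_clf(line):
    """Return the fields of one CLF line as a dict, or None if it does not parse."""
    m = CLF_RE.match(line)
    return m.groupdict() if m else None


def base_name(key):
    """Strip a PHP array index from a query key: 'SQSPELL_APP[blah]' -> 'SQSPELL_APP'."""
    return key.split("[", 1)[0]


def inspect_request(target):
    """Return the set of advisory parameter names present in the request target,
    or None when the request is not for the check_me.mod.php module."""
    parts = urlsplit(target)
    if not parts.path.endswith(TARGET_PATH):
        return None
    keys = {base_name(k) for k in parse_qs(parts.query, keep_blank_values=True)}
    return keys & (STRONG | SUPPORTING)


def scan_log(lines):
    """Return one finding per request to the module that carries a strong indicator."""
    findings = []
    for line in lines:
        rec = parse_clf(line)
        if rec is None:
            continue
        hits = inspect_request(rec["target"])
        if hits and hits & STRONG:
            findings.append({
                "host": rec["host"],
                "time": rec["time"],
                "status": rec["status"],
                "params": sorted(hits),
            })
    return findings


# Constructed sample log lines (addresses and timestamps are made up).
SAMPLE_LOG = [
    '10.0.0.5 - - [27/Jan/2002:04:10:11 +0000] "GET /src/webmail.php HTTP/1.0" 200 5123',
    '10.0.0.5 - - [27/Jan/2002:04:10:20 +0000] "GET /plugins/squirrelspell/modules/'
    'check_me.mod.php?sqspell_use_app=ispell HTTP/1.0" 200 812',
    '192.0.2.9 - - [27/Jan/2002:04:12:02 +0000] "GET /plugins/squirrelspell/modules/'
    'check_me.mod.php?SQSPELL_APP[blah]=wall%20hello&sqspell_use_app=blah'
    '&attachment_dir=/tmp&username_sqspell_data=plik HTTP/1.0" 200 231',
]

if __name__ == "__main__":
    for finding in scan_log(SAMPLE_LOG):
        print(finding)
```

The second sample request only names a spell checker by short name and is left alone; the third carries the command-bearing SQSPELL_APP array and an attachment_dir override and is reported with the full list of matched parameters, so the analyst sees at a glance which fields the client tried to control. Feeding real access logs in is a matter of replacing SAMPLE_LOG with the file's lines; the upgrade to the vendor's fixed release remains the actual remediation.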
Comment 1 Mikael Hallendal (hallski) (RETIRED) gentoo-dev 2002-01-27 04:48:11 UTC

*** This bug has been marked as a duplicate of 354 ***