Paul Lesniewski

**Name of the Vulnerable Software and Affected Versions** Squirrelmail Vacation plugin versions 0.15 and earlier **Description** The issue allows local users to execute arbitrary commands via shell metacharacters in a command line argument. This is related to the ftpfile in the Vacation plugin. **Recommendations** For Squirrelmail Vacation plugin versions 0.15 and earlier, update to a version later than 0.15 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Squirrelmail Vacation plugin versions 0.15 and earlier **Description** A directory traversal issue exists, allowing local users to read arbitrary files by including a .. (dot dot) in a get request. **Recommendations** For Squirrelmail Vacation plugin versions 0.15 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SquirrelMail versions prior to 4.0 **Description** A buffer overflow issue exists in the chpasswd command within the Change passwd plugin. This allows local users to potentially gain root privileges by providing a long user name. **Recommendations** For versions prior to 4.0, update to version 4.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the chpasswd command to minimize the risk of exploitation.