CVE-2009-1381

Name of the Vulnerable Software and Affected Versions SquirrelMail versions prior to 1.4.19-1

Description The issue allows remote attackers to execute arbitrary commands via shell metacharacters in a username string that is used by the ypmatch program. This is due to an incomplete fix for a previous issue.

Recommendations For versions prior to 1.4.19-1, update to version 1.4.19-1 or later to resolve the issue. As a temporary workaround, consider restricting access to the map yp alias function in functions/imap general.php to minimize the risk of exploitation.