January 2005
Two Vulnerabilities in the SquirrelMail Vacation Plugin
ID: 00026
Ref: 23/05
Date: 12 January 2005, 13:22:49
Version: 1
Title: Two Vulnerabilities in the SquirrelMail Vacation Plugin
Abstract: LSS Security Team has reported two vulnerabilities in the Vacation plugin for SquirrelMail, which can be exploited by malicious local users to gain escalated privileges and disclose sensitive information.
TITLE:
SquirrelMail Vacation Plugin Two Vulnerabilities
SECUNIA ADVISORY ID:
SA13791
VERIFY ADVISORY:
http://secunia.com/advisories/13791/
CRITICAL:
Less critical
IMPACT:
Exposure of sensitive information, Privilege escalation
WHERE:
Local system
SOFTWARE:
Vacation 0.x (SquirrelMail plugin) http://secunia.com/product/4499/
DESCRIPTION:
LSS Security Team has reported two vulnerabilities in the Vacation plugin for
SquirrelMail. Both are in "ftpfile", a helper shipped with the plugin that is
installed setuid (see Solution), so they can be exploited by malicious local
users to gain escalated privileges and disclose sensitive information.

1) The first vulnerability is caused by an input validation error in the
command line handling of "ftpfile": arguments are passed on to a shell without
being sanitised, which allows injection of arbitrary shell commands. A local
user can exploit this by supplying a specially crafted command line argument
containing shell metacharacters; the injected commands run with the privileges
ftpfile holds as a setuid program, not with the caller's.

2) The second vulnerability is caused by an input validation error in "ftpfile"
that does not confine a supplied path to its intended directory, making it
possible to disclose arbitrary files via directory traversal attacks. Again the
file is read with ftpfile's privileges, so files the caller could not otherwise
open are exposed.

The vulnerabilities have been reported in version 0.15 and prior.
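The following is an illustrative example added to this advisory; it is not the Vacation plugin's own ftpfile source. It shows the two defect classes described above in a minimal setuid helper (a caller-supplied name spliced into a shell command line, with no check for "../") next to a hardened version that validates the name as a single path component, builds the path itself, drops the privileges the setuid bit conferred, and runs the external program through execvp with an argv array rather than through a shell. BASE_DIR, the file name policy, and the use of cat as the external program are assumptions made for the demonstration.

```c
/* Added example, not the plugin's ftpfile code. Contrasts a shell-command
 * builder vulnerable to metacharacter injection and directory traversal
 * with a hardened path-and-exec routine. BASE_DIR is an assumed location. */
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

#define BASE_DIR "/var/spool/vacation"   /* assumed per-user file directory */
#define NAME_MAX_LEN 64

/* VULNERABLE pattern: the caller's argument is spliced into a command line
 * destined for system(), i.e. for /bin/sh. Metacharacters in user_arg
 * ("x; id") become extra commands, and "../" walks out of BASE_DIR.
 * The string is returned for inspection; a real helper would system() it. */
int build_shell_cmd(const char *user_arg, char *out, size_t outsz)
{
    return snprintf(out, outsz, "cat %s/%s", BASE_DIR, user_arg);
}

/* HARDENED, step 1: accept only one path component made of [A-Za-z0-9._-],
 * bounded in length, and not "." or "..". With no '/' possible and no shell
 * involved, neither traversal nor shell metacharacters can take effect. */
int valid_name(const char *name)
{
    size_t n = strlen(name);
    if (n == 0 || n > NAME_MAX_LEN) return 0;
    if (strcmp(name, ".") == 0 || strcmp(name, "..") == 0) return 0;
    for (size_t i = 0; i < n; i++) {
        unsigned char c = (unsigned char)name[i];
        if (!(isalnum(c) || c == '.' || c == '_' || c == '-')) return 0;
    }
    return 1;
}

/* HARDENED, step 2: build the path only from a validated name and refuse a
 * truncated result. Returns 0 on success, -1 if the name is rejected. */
int build_safe_path(const char *name, char *out, size_t outsz)
{
    if (!valid_name(name)) return -1;
    int r = snprintf(out, outsz, "%s/%s", BASE_DIR, name);
    if (r < 0 || (size_t)r >= outsz) return -1;
    return 0;
}

/* HARDENED, step 3: run the program with an argv array (execvp, no shell)
 * after giving up the elevated identity a setuid bit would have provided.
 * Returns the child's exit status, or -1 on failure. */
int run_argv(char *const argv[])
{
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        /* setgid first: once the uid is dropped the gid could not be. */
        if (setgid(getgid()) != 0 || setuid(getuid()) != 0) _exit(127);
        execvp(argv[0], argv);
        _exit(127);
    }
    int status;
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(int argc, char **argv)
{
    char path[256];
    if (argc != 2 || build_safe_path(argv[1], path, sizeof path) != 0) {
        fprintf(stderr, "usage: %s <file-name> (single component under %s)\n",
                argv[0], BASE_DIR);
        return 2;
    }
    char *const cmd[] = { "cat", path, NULL };
    return run_argv(cmd);
}
```

Compile it and run it with a single file name: anything containing '/' or a shell metacharacter is rejected before a path is built, and the child reverts to the caller's real uid and gid before execvp, so even a flaw in the external program gains nothing. Compare build_shell_cmd, where "x; id" would reach /bin/sh intact.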
SOLUTION:
Remove the setuid bit from "ftpfile". Without it the helper runs with the calling user's own privileges, so neither issue can be used to escalate privileges or to read files the user could not already read. This may affect functionality, since the plugin feature that relies on ftpfile may no longer work.
PROVIDED AND/OR DISCOVERED BY:
LSS Security Team
ORIGINAL ADVISORY: http://security.lss.hr/en/index.php?page=details&ID=LSS-2005-01-03
----------------------------------------------------------------------
About:
This advisory was delivered by Secunia as a free service to help everybody keep
their systems up to date against the latest vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by clicking the link.
Secunia NEVER sends attached files with advisories. Secunia does not advise people to
install third party patches, only to use those supplied by the vendor.