Document SquirrelMail vulnerability

Steve Wills 2017-08-22 17:22:33 +00:00
parent 1daf3af818
commit 69eb65ecdc
Notes: svn2git 2021-03-31 03:12:20 +00:00
svn path=/head/; revision=448569

@ -58,6 +58,35 @@ Notes:
* Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
<vuln vid="e1de77e8-c45e-48d7-8866-5a6f943046de">
<topic>SquirrelMail -- post-authentication remote code execution</topic>
<affects>
<package>
<name>squirrelmail</name>
<range><lt>20170705</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>SquirrelMail developers report:</p>
<blockquote cite="http://seclists.org/fulldisclosure/2017/Apr/81">
<p>SquirrelMail 1.4.22 (and other versions before 20170427_0200-SVN)
allows post-authentication remote code execution via a sendmail.cf
file that is mishandled in a popen call. It's possible to exploit this
vulnerability to execute arbitrary shell commands on the remote
server.</p>
</blockquote>
</body>
</description>
<references>
<url>https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7692</url>
</references>
<dates>
<discovery>2017-04-19</discovery>
<entry>2017-08-22</entry>
</dates>
</vuln>
<vuln vid="6876b163-8708-11e7-8568-e8e0b747a45a">
<topic>pspp -- multiple vulnerabilities</topic>
<affects>
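Review bot: The `<references>` block of the new SquirrelMail entry records the CVE only as a `<url>` to cve.mitre.org. VuXML has a dedicated `<cvename>` element, so add `<cvename>CVE-2017-7692</cvename>` to let tools that match on CVE id find this entry. The seclists.org URL given in the blockquote's `cite` attribute should also appear in the references as a `<url>`. Two smaller points in the same entry: the range is `<lt>20170705</lt>` while the quoted text names 20170427_0200-SVN as the fixed snapshot, so please confirm that 20170705 is the first port version carrying the fix; and the lead-in "SquirrelMail developers report:" attributes the quote to the developers while the `cite` points at a Full Disclosure post, so the attribution should match the cited source.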