CVE-2009-1381

Publication date 22 May 2009

Last updated 4 August 2025

Ubuntu priority

Description

The map_yp_alias function in functions/imap_general.php in SquirrelMail before 1.4.19-1 on Debian GNU/Linux, and possibly other operating systems and versions, allows remote attackers to execute arbitrary commands via shell metacharacters in a username string that is used by the ypmatch program. NOTE: this issue exists because of an incomplete fix for CVE-2009-1579.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
squirrelmail	9.10 karmic	Not affected
	9.04 jaunty	Fixed 2:1.4.15-4ubuntu0.2
	8.10 intrepid	Fixed 2:1.4.15-3ubuntu0.3
	8.04 LTS hardy	Fixed 2:1.4.13-2ubuntu1.4
	6.06 LTS dapper	Ignored end of life

How can I get the fixes?
What do statuses mean?

References

MITRE
NVD
Launchpad
Debian

Other references

https://www.cve.org/CVERecord?id=CVE-2009-1381