The Squirrelmail G/PGP Plugin contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when a webmail user constructs a To: string with an embedded command and then encrypts the message. This flaw may lead to the execution of arbitrary commands as the web server user.

SquirrelMail is a standards-based webmail package written in PHP4. It includes built-in pure PHP support for the IMAP and SMTP protocols, and all pages render in pure HTML 4.0 (with no JavaScript required) for maximum compatibility across browsers. It has very few requirements and is very easy to configure and install. SquirrelMail has all the functionality you would want from an email client, including strong MIME support, address books, and folder manipulation.

The initial reports from Bugtraq Security (Not associated with the Bugtraq list) are apparently wrong. The current (1.4.2) version and the CVS version are NOT vulnerable, however 1.4.1 and possibly earlier versions are, which Squirrelmail is combined with the G/PGP Plugin.

Upgrade to Squirrelmail version 1.4.2 or higher, as it has been reported to fix this vulnerability. This issue may also be resolved by implementing the following workaround(s): Turn off the G/PGP Plugin.

• Secunia Advisory ID: 10493
• ISS X-Force ID: 14079
• CVE ID: 2003-0990 (see also: NVD)
• Metasploit ID: 3178
• Bugtraq ID: 9296
• Generic Exploit URL: http://archives.neohapsis.com/archives/fulldisclosure/2003-q4/3777.html
• Mail List Post: http://marc.theaimsgroup.com/?l=bugtraq&m=107247236124180&w=2
  http://www.securityfocus.com/archive/1/348366
• Vendor Specific Solution URL: http://www.braverock.com/bugzilla/show_bug.cgi?id=139
• Other Advisory URL: http://www.bugtraq.org/advisories/_BSSADV-0001.txt
• Vendor URL: http://www.squirrelmail.org/
  https://www.braverock.com/gpg/

Unknown or Incomplete