CVE - CVE-2005-1924

CVE-ID
CVE-2005-1924	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
The G/PGP (GPG) Plugin 2.1 and earlier for Squirrelmail allow remote authenticated users to execute arbitrary commands via shell metacharacters in (1) the fpr parameter to the deleteKey function in gpg_keyring.php, as called by (a) import_key_file.php, (b) import_key_text.php, and (c) keyring_main.php; and (2) the keyserver parameter to the gpg_recv_key function in gpg_key_functions.php, as called by gpg_options.php. NOTE: this issue may overlap CVE-2007-3636.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BID:24874 URL:http://www.securityfocus.com/bid/24874 BUGTRAQ:20070711 SquirrelMail G/PGP Encryption Plug-in Remote Command Execution Vulnerability URL:http://www.securityfocus.com/archive/1/473370/100/0/threaded EXPLOIT-DB:4173 URL:https://www.exploit-db.com/exploits/4173 GENTOO:GLSA-200708-08 URL:http://security.gentoo.org/glsa/glsa-200708-08.xml IDEFENSE:20070711 SquirrelMail G/PGP Plugin deleteKey() Command Injection Vulnerability URL:http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=329 IDEFENSE:20070711 SquirrelMail G/PGP Plugin gpg_recv_key() Command Injection Vulnerability URL:http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=331 OSVDB:37923 URL:~~http://osvdb.org/37923~~ (Obsolete source) OSVDB:37924 URL:~~http://osvdb.org/37924~~ (Obsolete source) SECUNIA:26035 URL:http://secunia.com/advisories/26035 SECUNIA:26424 URL:http://secunia.com/advisories/26424 VIM:20070711 True: SquirrelMail G/PGP Encryption Plug-in 2.0 Command Execution Vuln URL:http://www.attrition.org/pipermail/vim/2007-July/001710.html VUPEN:ADV-2007-2513 URL:~~http://www.vupen.com/english/advisories/2007/2513~~ (Obsolete source) XF:squirrelmail-gpgp-keyfunc-command-execution(35364) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/35364 XF:squirrelmail-gpgp-keyring-command-execution(35355) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/35355
Assigning CNA
MITRE Corporation
Date Record Created
20050608	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20050608)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)