Vulnerability Description
The G/PGP (GPG) Plugin 2.1 and earlier for Squirrelmail allows remote authenticated users to execute arbitrary commands via shell metacharacters in (1) the fpr parameter to the deleteKey function in gpg_keyring.php, as called by (a) import_key_file.php, (b) import_key_text.php, and (c) keyring_main.php; and (2) the keyserver parameter to the gpg_recv_key function in gpg_key_functions.php, as called by gpg_options.php. NOTE: this issue may overlap CVE-2007-3636.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Squirrelmail | Gpg Plugin | <= 2.1 |
References
- http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=329
- http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=331
- http://osvdb.org/37923
- http://osvdb.org/37924
- http://secunia.com/advisories/26035 (Vendor Advisory)
- http://secunia.com/advisories/26424
- http://security.gentoo.org/glsa/glsa-200708-08.xml
- http://www.attrition.org/pipermail/vim/2007-July/001710.html
- http://www.securityfocus.com/archive/1/473370/100/0/threaded
- http://www.securityfocus.com/bid/24874
- http://www.vupen.com/english/advisories/2007/2513
- https://exchange.xforce.ibmcloud.com/vulnerabilities/35355
- https://exchange.xforce.ibmcloud.com/vulnerabilities/35364
- https://www.exploit-db.com/exploits/4173
FAQ
What is CVE-2005-1924?
CVE-2005-1924 is a vulnerability with a CVSS score of 9.3 (HIGH). The G/PGP (GPG) Plugin 2.1 and earlier for Squirrelmail allows remote authenticated users to execute arbitrary commands via shell metacharacters in (1) the fpr parameter to the deleteKey function in gp...
How severe is CVE-2005-1924?
CVE-2005-1924 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2005-1924?
Check the references section above for vendor advisories and patch information. Affected products include: Squirrelmail Gpg Plugin.