Vulnerability Name:

CVE-2007-3635 (CCN-35852)

Assigned:2007-07-07
Published:2007-07-07
Updated:2008-11-15
Summary:Multiple unspecified vulnerabilities in the G/PGP (GPG) Plugin before 2.1 for Squirrelmail might allow "local authenticated users" to inject certain commands via unspecified vectors.
Note: this might overlap CVE-2005-1924, CVE-2006-4169, or CVE-2007-3634.
CVSS v3 Severity:4.8 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): Required
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availability (A): Low
CVSS v2 Severity:4.3 Medium (CVSS v2 Vector: AV:L/AC:L/Au:S/C:P/I:P/A:P)
3.5 Low (Temporal CVSS v2 Vector: AV:L/AC:L/Au:S/C:P/I:P/A:P/E:F/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): Single_Instance
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): Partial
4.3 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:S/C:P/I:P/A:P)
3.5 Low (CCN Temporal CVSS v2 Vector: AV:L/AC:L/Au:S/C:P/I:P/A:P/E:F/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): Single_Instance
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): Partial
Vulnerability Type:CWE-noinfo
Vulnerability Consequences:Gain Privileges
References:Source: MITRE
Type: CNA
CVE-2007-3635

Source: OSVDB
Type: UNKNOWN
45789

Source: CCN
Type: VIM Mailing List, Tue Jul 10 01:46:25 UTC 2007
SquirrelMail GPG Plugin Vulnerabilities

Source: VIM
Type: UNKNOWN
20070710 SquirrelMail GPG Plugin Vulnerabilities

Source: CCN
Type: OSVDB ID: 45789
SquirrelMail G/PGP (GPG) Plugin Unspecified Local Command Injection

Source: CCN
Type: SquirrelMail Web site
Plugins - G/PGP Encryption Plugin

Source: CONFIRM
Type: Patch
http://www.squirrelmail.org/plugin_view.php?id=153

Source: XF
Type: UNKNOWN
squirrelmail-gpgp-unspec-command-execution(35852)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:squirrelmail:gpg_plugin:2.0:*:*:*:*:*:*:*
  • OR cpe:/a:squirrelmail:squirrelmail:1.4.10a:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    squirrelmail gpg plugin 2.0
    squirrelmail squirrelmail 1.4.10a